Microhard Systems IPn4G Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the Microhard Systems IPn4G version 1.1.0 admin interface. This vulnerability allows authenticated attackers to execute arbitrary commands with root privileges by exploiting hidden admin features. The exploitation can lead to the creation of crontab jobs, modification of system startup scripts, and execution of commands such as starting services, disabling firewalls, and writing files to the system.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution with root privileges on the affected device.

Reproduction

The vulnerability can be reproduced by accessing the admin interface and using the undocumented features to create crontab entries or modify startup scripts. This can be done by sending a POST request to the 'system-crontabs.sh' or 'system-startup.sh' scripts via the 'webif' CGI interface, including the desired commands or script modifications in the request.