NRadio N8-180 Command Injection Vulnerability in WiFi SSID Parameters
Vulnerability
A command injection vulnerability has been identified in NRadio N8-180 devices running NROS-1.9.2.n3.c5. The flaw is in the '/cgi-bin/luci/nradio/basic/radio' endpoint, in its handling of the 2.4 GHz and 5 GHz name parameters. A remote attacker who injects crafted input into these WiFi SSID fields can execute arbitrary operating system commands on the device with root-level permissions.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the device with root privileges. Additionally, it could lead to a denial-of-service condition.
Reproduction
To reproduce this vulnerability, access the '/cgi-bin/luci/nradio/basic/radio' endpoint on an NRadio N8-180 device with the NROS-1.9.2.n3.c5 firmware. Inject malicious commands into the 2.4 GHz or 5 GHz name parameters. Once the crafted input is submitted, the injected commands will be executed on the device's operating system with root permissions.
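For defenders who can capture requests to the management interface (for example at a reverse proxy), the following added example, which is not part of the advisory or the vendor's code, flags form submissions to the affected endpoint whose fields carry shell metacharacters. The field names `ssid_2g` and `ssid_5g` and the `;stok=` path segment are assumptions, and the sample requests are constructed.

```python
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/cgi-bin/luci/nradio/basic/radio"  # endpoint named in the advisory
# Characters a POSIX shell treats as separators, substitution or redirection.
SHELL_META = set(";|&`$()<>\n\r")


def is_radio_endpoint(path):
    """Match ENDPOINT, ignoring a query string and LuCI-style ';stok=...' segments."""
    parts = [p for p in urlsplit(path).path.split("/") if p and not p.startswith(";")]
    return "/" + "/".join(parts) == ENDPOINT


def suspicious_fields(path, body):
    """Return {field: [metacharacters]} for form fields sent to the radio endpoint."""
    if not is_radio_endpoint(path):
        return {}
    findings = {}
    # parse_qsl percent-decodes, so encoded metacharacters (%3B, %60) are seen too.
    for name, value in parse_qsl(body, keep_blank_values=True):
        hits = sorted(SHELL_META.intersection(value))
        if hits:
            findings[name] = hits
    return findings


# Constructed sample requests (path, form body); field names are hypothetical.
SAMPLE_REQUESTS = [
    ("/cgi-bin/luci/nradio/basic/radio", "ssid_2g=HomeNet&ssid_5g=HomeNet-5G"),
    ("/cgi-bin/luci/nradio/basic/radio", "ssid_2g=HomeNet%3Buptime&ssid_5g=HomeNet-5G"),
    ("/cgi-bin/luci/;stok=0123abcd/nradio/basic/radio", "ssid_2g=ok&ssid_5g=a%60id%60"),
    ("/cgi-bin/luci/admin/status", "note=a%3Bb"),  # different endpoint, ignored
]


def scan(requests):
    """Return (index, findings) for every request that carries a suspicious field."""
    alerts = []
    for i, (path, body) in enumerate(requests):
        found = suspicious_fields(path, body)
        if found:
            alerts.append((i, found))
    return alerts


if __name__ == "__main__":
    for index, found in scan(SAMPLE_REQUESTS):
        print(f"request {index}: {found}")
```

A legitimate SSID can contain some of these characters (an ampersand, for instance), so treat a hit as a lead to review rather than proof of exploitation.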
