Zytec Dalian Zhuoyun Technology Central Authentication Service Command Injection Vulnerability

A command injection vulnerability has been identified in Zytec Dalian Zhuoyun Technology Central Authentication Service version 3. The issue arises in the file '/index.php/auth/Ops/git' within the HTTP Header Handler component. The vulnerability is triggered by manipulating the 'Authorization' header, which leads to the use of a hard-coded password. This vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for remote command execution on the server where the application is running.

Reproduction

To reproduce this vulnerability, send a POST request to '/index.php/auth/Ops/git' with the 'Authorization' header set to a base64-encoded string that includes a hard-coded password. The request should also include a 'cmd' parameter with the desired command to execute, and a 'cwd' parameter to specify the working directory.

Remediation

It is recommended to apply restrictive firewall rules to block unauthorized access to the vulnerable endpoint.