EFM ipTIME A3004T Command Injection Vulnerability
Vulnerability
A command injection vulnerability has been identified in the EFM ipTIME A3004T router running firmware version 14.19.0. The issue is in the Administrator Password Handler component, within the show_debug_screen function of the /sess-bin/timepro.cgi file. Remote attackers can inject commands by manipulating the aaksjdkfj argument with a specific input. Exploitation of this vulnerability is considered difficult, but a public exploit is available.
Impact
Exploitation of this vulnerability allows for unauthorized command execution on the affected device, potentially leading to a full compromise of the router.
Reproduction
To reproduce this vulnerability, access the router's web interface and navigate to the remote debugging settings. Once there, the show_debug_screen function can be exploited by sending a crafted request that includes the aaksjdkfj parameter with the value '!@dnjsrureljrm*&'. The request triggers the command injection through the application's command handling functionality.
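For defenders, one way to flag requests matching this description in HTTP logs, as an added example that is not part of the original advisory. The CGI path and parameter name come from the advisory; the tab-separated log format, the sample lines and the function names are assumptions made for illustration.

```python
import posixpath
from urllib.parse import parse_qsl, unquote, urlsplit

CGI_PATH = "/sess-bin/timepro.cgi"  # CGI path named in the advisory
DEBUG_PARAM = "aaksjdkfj"           # argument named in the advisory

def param_names(raw):
    """Parameter names from a query string or form body, decoded once and twice."""
    names = set()
    for key, _ in parse_qsl(raw, keep_blank_values=True):
        names.update((key, unquote(key)))  # second decode catches double encoding
    return names

def is_suspicious(target, body=""):
    """True if a request reaches the CGI and carries the debug argument."""
    parts = urlsplit(target)
    path = posixpath.normpath(unquote(parts.path))  # collapse '//' and '/./'
    if path != CGI_PATH:
        return False
    return DEBUG_PARAM in (param_names(parts.query) | param_names(body))

def scan(lines):
    """Return (line_no, source_ip) for each flagged line.
    Assumed format (constructed): src_ip <TAB> method <TAB> target <TAB> body."""
    hits = []
    for no, line in enumerate(lines, 1):
        fields = line.rstrip("\n").split("\t", 3)
        if len(fields) < 3:
            continue  # skip malformed lines rather than abort the scan
        body = fields[3] if len(fields) > 3 else ""
        if is_suspicious(fields[2], body):
            hits.append((no, fields[0]))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    "192.0.2.10\tGET\t/sess-bin/timepro.cgi?page=status\t",
    "198.51.100.7\tGET\t/sess-bin/timepro.cgi?aaksjdkfj=x\t",
    "198.51.100.7\tPOST\t/sess-bin/timepro.cgi\tpage=debug&aaksjdkfj=y",
    "203.0.113.5\tGET\t/sess-bin//timepro.cgi?%2561aksjdkfj=z\t",
    "192.0.2.10\tGET\t/index.html?aaksjdkfj=1\t",
]

if __name__ == "__main__":
    for no, src in scan(SAMPLE_LOG):
        print(f"line {no}: {src} sent {DEBUG_PARAM} to {CGI_PATH}")
```

The check keys on the parameter name rather than its value, so it also flags probes that vary the input.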
