Intelbras RX1500
cpe:2.3:h:intelbras:rx_1500:*:*:*:*:*:*:*
- 2.2.9
A vulnerability in the Intelbras RX1500 router running firmware version 2.2.9 and the RX3000 router on version 1.0.11 allows unauthenticated attackers to execute arbitrary code. This is achieved by injecting a crafted payload into the ESSID name while creating a network. The lack of proper input validation in the web management interface enables this exploitation.
Exploitation of this vulnerability allows for arbitrary code execution on the affected router.
To reproduce this vulnerability, access the router's web management interface. Navigate to the Wi-Fi settings and create a new network. Inject a JavaScript payload into the ESSID name field. Once the network is created, the injected script will execute when the 'Site Survey' feature is used, demonstrating the cross-site scripting vulnerability.
Users are advised to update to the beta firmware version 2.2.12 for the RX1500 and version 1.0.21 for the RX3000, both released on November 19, 2024.
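The following is an added example, not Intelbras firmware code: a sketch of how a Site Survey page can render scanned ESSIDs so that markup in a network name is displayed as text, shown beside the unsafe string-concatenation pattern. All function names and the sample scan results are constructed for illustration.

```javascript
// Added example; not taken from the router firmware. All names are hypothetical.
// An ESSID is 0-32 arbitrary octets chosen by whoever runs the access point,
// so a Site Survey page must treat every scanned name as untrusted input.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Decode raw ESSID octets for display: enforce the 32-octet limit, decode as
// UTF-8 (invalid sequences become U+FFFD), and replace control characters.
function essidToDisplayText(octets) {
  if (octets.length > 32) {
    throw new RangeError('ESSID longer than 32 octets');
  }
  const decoded = new TextDecoder('utf-8', { fatal: false }).decode(octets);
  return decoded.replace(/[\u0000-\u001f\u007f]/g, '\uFFFD');
}

// Unsafe pattern: the scanned name is concatenated into markup unchanged.
function renderRowUnsafe(network) {
  const name = new TextDecoder().decode(network.essid);
  return `<tr><td>${name}</td><td>${network.channel}</td></tr>`;
}

// Hardened pattern: normalise, then HTML-encode at the point of output.
function renderRowSafe(network) {
  const name = escapeHtml(essidToDisplayText(network.essid));
  const channel = Number.parseInt(network.channel, 10);
  return `<tr><td>${name}</td><td>${Number.isInteger(channel) ? channel : '?'}</td></tr>`;
}

// Constructed sample scan results (not captured from a real device).
const sampleScan = [
  { essid: Buffer.from('HomeNet'), channel: 6 },
  { essid: Buffer.from('<script>alert(1)</script>'), channel: 11 },
];

function renderSurveyTable(networks, renderRow) {
  return `<table>${networks.map(renderRow).join('')}</table>`;
}
```

Encoding at the point of output matters here because names seen during a survey come from nearby access points, so validating the ESSID field on the router's own configuration form does not cover them.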