PowerStick Wave Dual-Band WiFi Extender Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in the PowerStick Wave Dual-Band WiFi Extender, version 1.0. It allows an attacker who has authenticated with valid credentials to execute arbitrary commands with root privileges. The issue arises because the '/cgi-bin/cgi_vista.cgi' executable does not adequately sanitize user input before passing it to a system-level function call.
Impact
Exploitation of this vulnerability leads to full device compromise, allowing for interception of network traffic, deployment of malware, or use of the device as a node in a botnet.
Reproduction
To reproduce this vulnerability, authenticate to the device's web interface with valid credentials. Then, send a crafted HTTP POST request to the '/cgi-bin/cgi_vista.cgi' endpoint, including a malicious 'time_zone' parameter in the JSON payload. This request should target command ID 55, which relates to NTP settings.
Remediation
Users are advised to change the default admin password to a strong, unique one, consider replacing the device with a more secure alternative, and update the firmware if a patch is released.
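On the firmware side, the root cause described above is addressed by validating 'time_zone' against a strict character allowlist and never placing it in a command string. The C code below is an added example, not the vendor's code; the function names, the 64-byte limit and the "TZ=" config-line format are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TZ_MAX_LEN 64

/* Accept IANA names ("Europe/Berlin") and POSIX-style values ("UTC",
 * "GMT+8"). Only [A-Za-z0-9_+-] plus '/' as a separator pass, so shell
 * metacharacters, whitespace, quotes and ".." are all rejected. */
int tz_is_valid(const char *tz)
{
    if (tz == NULL || !isalpha((unsigned char)tz[0]))
        return 0;                      /* empty, or leading '-', '/', '.' */
    for (size_t i = 1; tz[i] != '\0'; i++) {
        unsigned char c = (unsigned char)tz[i];
        if (i >= TZ_MAX_LEN)
            return 0;                  /* over-long value */
        if (c == '/') {
            if (tz[i - 1] == '/' || tz[i + 1] == '\0')
                return 0;              /* empty component or trailing '/' */
        } else if (!isalnum(c) && c != '_' && c != '+' && c != '-') {
            return 0;
        }
    }
    return 1;
}

/* Hypothetical handler step: emit the setting as a config-file line (data)
 * instead of splicing it into a string handed to system().
 * Returns the line length, or -1 if the value is rejected or does not fit. */
int tz_config_line(const char *tz, char *out, size_t outlen)
{
    if (!tz_is_valid(tz))
        return -1;
    int n = snprintf(out, outlen, "TZ=%s\n", tz);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    /* Constructed sample values, not captured from a device. */
    const char *s[] = { "UTC", "Europe/Berlin", "GMT+8", "UTC;x", "../etc" };
    char line[80];
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-14s %s\n", s[i],
               tz_config_line(s[i], line, sizeof line) > 0 ? "accepted" : "rejected");
    return 0;
}
```

Rejecting the request outright on a failed check, rather than stripping characters and continuing, keeps the handler's behaviour predictable and gives the device a clear event to log.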
