Samsung WLAN AP WEA453e Remote Command Execution Vulnerability

Vulnerability

A remote command execution vulnerability has been identified in the Samsung WLAN Access Point model WEA453e, in versions prior to 5.2.4.T1. This vulnerability allows unauthenticated attackers to execute arbitrary shell commands with root privileges on the device. The issue arises from improper input validation in the 'Tech Support' diagnostic feature, where the command1 and command2 POST or GET parameters can be exploited to inject commands. Exploitation involves crafting a request that includes shell commands, which are then executed on the underlying operating system. Attackers can use this access to create output files in writable directories and retrieve their contents through a download endpoint, leading to a complete compromise of the device.

Impact

Exploitation of this vulnerability allows for unauthorized remote command execution with root privileges, enabling attackers to fully compromise the device.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the 'Tech Support' diagnostic functionality of the Samsung WLAN AP WEA453e. The request must include arbitrary shell commands in the command1 or command2 parameters. Once the commands are executed, any output files created can be accessed via the download endpoint.
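For defenders who cannot patch immediately, the parameters named above give a usable detection signal. The following is an added example (not code from the advisory or from Samsung) that scans web-server or reverse-proxy access logs for requests to the diagnostic feature whose command1/command2 values carry shell metacharacters, and escalates a client that then pulls a file from the download endpoint. The endpoint paths and the log lines are constructed placeholders, since the advisory names the feature and parameters but not the URLs.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Shell metacharacters that have no place in a ping/traceroute-style argument.
SHELL_META = re.compile(r"[;&|`$<>\r\n]")
WATCHED_PARAMS = ("command1", "command2")   # parameter names from the advisory

# Placeholder paths (assumption): replace with the device's real endpoint paths.
TECH_SUPPORT_PATH = "/TECH_SUPPORT_PATH"
DOWNLOAD_PATH = "/DOWNLOAD_PATH"

# Common access-log shape: client, identd, user, [time], "METHOD target proto", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log: a benign diagnostic call, an injection attempt on
# command1, the follow-up download from the same client, and unrelated traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [15/Jul/2025:13:51:00 +0000] "GET /TECH_SUPPORT_PATH?command1=ping+-c+1+10.0.0.1 HTTP/1.1" 200 512
10.0.0.9 - - [15/Jul/2025:13:52:10 +0000] "GET /TECH_SUPPORT_PATH?command1=ping;id&command2= HTTP/1.1" 200 18
10.0.0.9 - - [15/Jul/2025:13:52:11 +0000] "GET /DOWNLOAD_PATH?file=out.txt HTTP/1.1" 200 40
10.0.0.7 - - [15/Jul/2025:13:53:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

def _query_params(query):
    """Split a query string on '&' only (never ';') and percent-decode each part."""
    params = {}
    for pair in query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return params

def inspect_log(text):
    """Return (findings, suspects): findings is a list of (ip, reason, detail);
    suspects is the set of clients that sent a flagged diagnostic request."""
    findings, suspects = [], set()
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target = m["ip"], m["target"]
        parts = urlsplit(target)
        params = _query_params(parts.query)
        if parts.path == TECH_SUPPORT_PATH:
            for name in WATCHED_PARAMS:
                for value in params.get(name, []):
                    if SHELL_META.search(value):
                        findings.append((ip, "command_injection", f"{name}={value}"))
                        suspects.add(ip)
        elif parts.path == DOWNLOAD_PATH and ip in suspects:
            # Matches the advisory's chain: inject, write output, fetch via download.
            findings.append((ip, "download_after_injection", target))
    return findings, suspects
```

Access logs carry only the URL, so the POST variant the advisory mentions is visible this way only if the proxy or WAF logs request bodies; apply the same parameter check there.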

Remediation

Users are advised to update to version 5.2.4.T1 or later. Instructions for downloading the update can be found on the Samsung Business Support page for the WEA453 model.

Added: Jul 15, 2025, 1:51 PM
Updated: Jul 15, 2025, 1:51 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 7.7
relevance: 0.2
threat: 6.5
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.