Microhard BulletLTE-NA2 and IPn4Gii-NA2 Post-Authentication Command Injection Vulnerability

A post-authentication command injection vulnerability has been identified in the Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. This vulnerability resides within the AT+MNNETSP command of the restricted command-line interface (CLI) and can lead to privilege escalation. The issue allows authenticated users to inject commands that are executed with root privileges, thereby escaping the restricted shell and gaining full access to the device.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary commands as the root user, potentially leading to complete control over the affected device.

Reproduction

To reproduce this vulnerability, an authenticated user must access the device's CLI via telnet or SSH. Once logged in, the user can issue the AT+MNNETSP command, injecting malicious payloads that exploit the command injection flaw. The injected commands will be executed as the root user, allowing for unauthorized access or control over the device.