Microhard BulletLTE-NA2 and IPn4Gii-NA2 Post-Authentication Command Injection Vulnerability

A post-authentication command injection vulnerability has been identified in the Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. This vulnerability resides within the AT+MNPINGTM command, allowing for privilege escalation. The issue stems from improper handling of command arguments, enabling authenticated users to inject commands that are executed with root privileges. The vulnerability is accessible through a restricted command-line interface via telnet or SSH, after successful authentication.

Impact

Exploitation of this vulnerability allows authenticated users to inject commands that are executed as the root user, potentially leading to unauthorized access and control over the device.

Reproduction

To reproduce this vulnerability, log into the affected device via telnet using valid credentials. Once authenticated, the AT+MNPINGTM command can be issued with injected payloads that exploit the command injection flaw. The injected commands will be executed as the root user, bypassing the restrictions of the command-line interface.