Intelbras RX1500
cpe:2.3:h:intelbras:rx_1500:*:*:*:*:*:*:*
- <= 2.2.17
An incorrect access control vulnerability has been identified in the Intelbras RX1500 Router, specifically in versions through 2.2.17. The issue resides in the FirmwareUpload and GetFirmwareValidation functions, which can be accessed without proper authorization. This vulnerability allows attackers to forge a firmware package, upload it to the router, and execute commands by exploiting the uploaded firmware.
Exploitation of this vulnerability could lead to unauthorized firmware uploads and execution of arbitrary commands on the router.
To reproduce this vulnerability, send a POST request to the router's HNAP1 interface with a forged firmware package. Include the 'SOAPAction' header to specify the 'FirmwareUpload' function. After uploading the malicious firmware, use the 'GetFirmwareValidation' function to trigger the execution of commands embedded in the uploaded firmware package.
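Detection logic for the request sequence described above, added here as an example and not taken from the advisory or from Intelbras: it scans HTTP request records for POSTs to the HNAP1 interface whose SOAPAction names FirmwareUpload or GetFirmwareValidation and that come from hosts outside an admin allowlist. The record format, the `/HNAP1` path prefix, the `admin_hosts` allowlist and the 10-minute correlation window are assumptions.

```python
from datetime import datetime, timedelta

# HNAP action names taken from the advisory text, lowercased for matching.
UPLOAD, VALIDATE = "firmwareupload", "getfirmwarevalidation"

# Constructed sample records (not real traffic). Assumed export format:
# timestamp|source_ip|method|path|SOAPAction header value
SAMPLE_LOG = """\
2024-01-10T09:00:01|192.0.2.10|POST|/HNAP1/|"http://example.invalid/HNAP1/Login"
2024-01-10T11:42:17|198.51.100.7|POST|/HNAP1/|"http://example.invalid/HNAP1/FirmwareUpload"
2024-01-10T11:42:49|198.51.100.7|POST|/HNAP1/|"http://example.invalid/HNAP1/GetFirmwareValidation"
2024-01-10T12:00:00|203.0.113.5|GET|/index.html|-
"""

def parse(line):
    """Split one record; return None for lines that do not fit the format."""
    parts = line.strip().split("|", 4)
    if len(parts) != 5:
        return None
    ts, src, method, path, soap = parts
    try:
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    # The action name is the last path segment of the SOAPAction value.
    action = soap.strip().strip('"').rsplit("/", 1)[-1].lower()
    return when, src, method.upper(), path, action

def find_alerts(log_text, admin_hosts=frozenset(), window=timedelta(minutes=10)):
    """Flag firmware-related HNAP calls from hosts outside admin_hosts."""
    alerts, last_upload = [], {}
    for rec in filter(None, map(parse, log_text.splitlines())):
        when, src, method, path, action = rec
        if method != "POST" or not path.upper().startswith("/HNAP1"):
            continue
        if action not in (UPLOAD, VALIDATE) or src in admin_hosts:
            continue
        if action == UPLOAD:
            last_upload[src] = when
            reason = "firmware-upload-from-unapproved-host"
        elif src in last_upload and when - last_upload[src] <= window:
            reason = "upload-then-validation-sequence"
        else:
            reason = "firmware-validation-from-unapproved-host"
        alerts.append((src, when.isoformat(), reason))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(*alert)
```

The `upload-then-validation-sequence` alert is the higher-priority one, since it matches both steps of the reproduction from a single source.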