Mitrastar GPT-2741GNAC-N2
cpe:2.3:h:mitrastar:gpt-2741gnac-n2:*:*:*:*:*:*:*
A privilege escalation vulnerability has been identified in Mitrastar GPT-2741GNAC-N2 devices. These devices allow SSH access to a restricted default shell. The 'deviceinfo show file' command, intended for displaying files and directories, can be exploited by injecting ' \n/bin/sh' (including the quotes and newline character) as an argument. This injection bypasses the shell restriction and provides access to a root shell.
Exploitation of this vulnerability grants unauthorized users root privileges on the affected device.
To reproduce this vulnerability, log into the device via SSH using the 'support' user account, which is accessible through credentials provided by Vivo (Telefonica Brasil) on their Vivo Fibra offer. Once logged in, use the 'deviceinfo show file' command and include ' \n/bin/sh' in the argument. Be sure to include the quotes and the leading newline character for the exploit to succeed.
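A mitigation sketch for the argument injection described above, added here as an example and not taken from Mitrastar firmware: the file argument is checked against an allow-list and handed to the viewer as a single argv element, with no shell in between. The names `arg_is_safe_path` and `show_file`, and the use of `/bin/cat` as the viewer, are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Allow-list check for the path argument of a hypothetical "show file"
 * handler: only [A-Za-z0-9._/-], bounded length, no leading '-'.
 * Quotes, spaces, backslashes and control characters (newline included)
 * are rejected, so the argument cannot end one command and start another. */
int arg_is_safe_path(const char *arg)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._/-";
    size_t len;

    if (arg == NULL)
        return 0;
    len = strlen(arg);
    if (len == 0 || len > 255 || arg[0] == '-')
        return 0;
    return strspn(arg, allowed) == len;
}

/* Display a file without involving a shell: the validated argument is one
 * argv element for /bin/cat (assumed viewer), never a system() string. */
int show_file(const char *arg)
{
    pid_t pid;
    int status;

    if (!arg_is_safe_path(arg)) {
        fprintf(stderr, "deviceinfo: invalid file argument\n");
        return -1;
    }
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "cat", "--", (char *)arg, NULL };
        execv("/bin/cat", argv);
        _exit(127);            /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The check addresses command injection only; which files the restricted account may read still has to be limited separately.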