AK-Nord USB-Server-LXL Privilege Escalation and Arbitrary Code Execution Vulnerability
Vulnerability
A vulnerability in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to gain root privileges by modifying the lighttpd initialization script. This script is executed with root rights during system boot and when invoked manually, so any commands added to it run as root.
Impact
Exploitation of this vulnerability leads to unauthorized privilege escalation and arbitrary code execution with root privileges on the affected device.
Reproduction
The vulnerability can be reproduced by logging into the device via SSH as the low-privilege 'admin' user. Once logged in, the 'lighttpd' script in the '/etc/init.d/' directory can be edited with a text editor, because its permissions do not prevent writes by that account. Any commands added to the script are executed with root privileges whenever the script is run manually or the system is rebooted.
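The precondition described above is a root-run init script that a low-privilege account is allowed to write. The following shell script is an added example, not part of this advisory or of AK-Nord's firmware: it audits an init.d directory for scripts that are group- or world-writable or not owned by root, and can strip the write bits as a compensating control until the vendor patch is applied. It assumes a POSIX sh with find(1) and chmod(1) as provided by GNU coreutils or BusyBox; the directory is a parameter so the same check runs against a constructed test tree or a real /etc/init.d.

```shell
#!/bin/sh
# Added example (not AK-Nord code): audit and harden an init.d directory so that
# no non-root user can edit scripts that run as root at boot.
# Assumes POSIX sh, find(1) and chmod(1) (GNU coreutils or BusyBox).

# Print regular files directly under DIR whose mode grants write access to
# group or others: the condition that lets a low-privilege user rewrite a
# boot script that root will later execute.
find_writable_init_scripts() {
    find "$1" -maxdepth 1 -type f \( -perm -0002 -o -perm -0020 \) | sort
}

# Print regular files directly under DIR that are not owned by root. A root-run
# script owned by another account is writable by that account regardless of
# the group/other bits, so this is reported separately.
find_non_root_owned_init_scripts() {
    find "$1" -maxdepth 1 -type f ! -user root | sort
}

# Remove the group and other write bits from every flagged file under DIR.
# Prints the number of files that were changed.
harden_init_scripts() {
    n=$(find_writable_init_scripts "$1" | wc -l | tr -d ' ')
    find "$1" -maxdepth 1 -type f \( -perm -0002 -o -perm -0020 \) \
        -exec chmod go-w {} +
    echo "$n"
}

# Human-readable audit of DIR; returns 1 if anything is flagged, 0 otherwise.
audit_init_dir() {
    dir="$1"
    bad=$(find_writable_init_scripts "$dir")
    other=$(find_non_root_owned_init_scripts "$dir")
    if [ -z "$bad" ] && [ -z "$other" ]; then
        echo "OK: no writable or non-root-owned scripts in $dir"
        return 0
    fi
    [ -n "$bad" ] && printf 'group/world-writable (fix with chmod go-w):\n%s\n' "$bad"
    [ -n "$other" ] && printf 'not owned by root (fix with chown root):\n%s\n' "$other"
    return 1
}

# Usage: sh audit_initd.sh /etc/init.d [--fix]
if [ $# -gt 0 ]; then
    audit_init_dir "$1"
    if [ "$2" = "--fix" ]; then
        changed=$(harden_init_scripts "$1")
        echo "write bits removed from $changed file(s)"
    fi
fi
```

Run it against /etc/init.d from a root shell on the device (or any Linux host) to confirm that no boot script is writable by the 'admin' account; with --fix it clears the offending write bits, which addresses the permission weakness but does not replace the vendor patch. Ownership problems are reported but deliberately left for the operator to correct by hand, since changing the owner of a vendor-managed script can interfere with later firmware updates.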
Remediation
Users can apply the patch provided by AK-Nord, available on the AK-Nord website, to address this vulnerability.
