Planet WGR-500 OS Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the Planet WGR-500 router, version 1.3411b190912. It resides in the 'formPingCmd' function, where the 'ipaddr' and 'counts' request parameters can be exploited to execute arbitrary commands on the router. The 'counts' parameter is not properly validated before it is used to construct a command string that is executed via the 'system' function. As a result, an attacker can craft HTTP requests whose 'counts' parameter causes malicious commands to run on the device.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device.

Reproduction

To reproduce this vulnerability, send an HTTP request to the Planet WGR-500 router's 'formPingCmd' function, including a crafted 'counts' parameter that injects malicious commands. The router will execute the injected commands with system privileges, as the 'formPingCmd' function directly passes the 'counts' parameter to the 'system' function without proper sanitization.
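
The Vulnerability and Reproduction sections describe a ping handler that places request values into a string run by 'system'. The following is an added example of a hardened form of that pattern in C, not the firmware's own code: both values are validated strictly and ping is started with an argument array, so no shell parses them. The function names, the 1 to 10 count range, the IPv4-only target and the "ping -c" invocation are assumptions.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed limits; the page does not state the firmware's valid range. */
#define PING_COUNT_MIN 1
#define PING_COUNT_MAX 10

/* Returns the count, or -1 unless 'counts' is a plain decimal in range. */
int parse_ping_count(const char *s)
{
    char *end;
    long v;
    if (s == NULL || *s < '0' || *s > '9') return -1; /* empty, sign, space */
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0') return -1; /* overflow or trailing bytes */
    if (v < PING_COUNT_MIN || v > PING_COUNT_MAX) return -1;
    return (int)v;
}

/* Returns 1 only when 'ipaddr' is a literal IPv4 address, else 0. */
int valid_ping_target(const char *s)
{
    struct in_addr a;
    return s != NULL && inet_pton(AF_INET, s, &a) == 1;
}

/* Runs ping via an argv array. Returns its exit status, or -1 on rejection. */
int run_ping(const char *ipaddr, const char *counts)
{
    char cnt[12];
    int n = parse_ping_count(counts), status;
    pid_t pid;
    if (n < 0 || !valid_ping_target(ipaddr)) return -1; /* reject before fork */
    snprintf(cnt, sizeof cnt, "%d", n); /* re-serialise the parsed integer */
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) {
        char *argv[] = { "ping", "-c", cnt, (char *)ipaddr, NULL };
        execvp(argv[0], argv); /* each value is one argv entry, never shell text */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Rejected requests return before any process is created, so a log line at that return point gives a detection signal for probing of the ping form.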

Added: Oct 7, 2025, 2:19 PM
Updated: Oct 7, 2025, 2:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.3
remediation: 0.0
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.