Wifi-soft UniBox Controller OS Command Injection Vulnerability in Billing PMS Check PHP

A critical OS command injection vulnerability has been identified in Wifi-soft UniBox Controller versions prior to 20250506. The issue resides in the billing/pms_check.php file, where the ipaddress argument can be manipulated to execute arbitrary commands on the server. This vulnerability can be exploited remotely, allowing unauthorized attackers to execute commands, potentially leading to full control over the affected router.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server, with the potential to execute malicious payloads, such as backdoors, escalate privileges, and gain control over the entire router.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the billing/pms_check.php file, manipulating the ipaddress argument to inject OS commands. This can be done remotely, targeting any affected Wifi-soft UniBox Controller instance.