QVidum Opera11 Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the QVidum Opera11 device, specifically in firmware version 2.9.0-Ax4x-opera11. The vulnerability arises from improper input validation on the '/cgi-bin/net_ping.cgi' endpoint, allowing attackers to send crafted GET requests with malicious parameters that inject arbitrary commands. These commands are executed with root privileges, granting full control over the device.

Impact

Exploitation of this vulnerability allows for remote code execution with root privileges, leading to complete compromise of the affected device.

Reproduction

To reproduce this vulnerability, send a GET request to the '/cgi-bin/net_ping.cgi' endpoint with the 'ipaddr' parameter manipulated to include a malicious command. The injected command will be executed with root privileges, and the response will contain the result of the command execution.

Remediation

QVidum has announced that it will close its doors and no longer provide support or updates for its products. Users are advised to block external access to the vulnerable endpoint via firewalls or network segmentation, restrict access to management interfaces to trusted IPs only, and monitor logs for unusual behavior or attempts to exploit this vulnerability.