UTT HiPER 810 Command Injection Vulnerability Allowing Remote Code Execution
Vulnerability
A critical remote command execution vulnerability has been identified in firmware version 1.7.4-141218 of the UTT HiPER 810 router. The flaw is in the 'setSysAdm' function of the '/goform/formUser' interface. The 'passwd1' parameter is not adequately sanitized, so an attacker can inject shell metacharacters, such as semicolons, and execute arbitrary operating system commands with root privileges.
Impact
Exploitation of this vulnerability allows arbitrary command execution on the affected device with root privileges.
Reproduction
To reproduce this vulnerability, log into the device via Telnet. Once logged in, send a POST request to the '/goform/formUser' endpoint with a payload that includes a semicolon followed by a command, such as 'touch /tmp/testfile', in the 'passwd1' parameter. After sending the request, check the '/tmp' directory to confirm that the command was executed.
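A handler-side mitigation for the 'passwd1' injection described above, as an added example rather than the vendor's code: it allowlists the value and hands it to a helper program as a single argument, with no shell in between. The helper path, the length limit and the permitted character set are assumptions.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define PASSWD_MAX 31 /* assumed length limit, not taken from the firmware */

/* Allowlist check: returns 1 only if s is 1..PASSWD_MAX bytes of letters,
 * digits or a few punctuation characters that mean nothing to a shell. */
int passwd_is_safe(const char *s) {
    static const char extra[] = "_.@+"; /* assumed policy; no leading '-' risk */
    size_t n;
    if (s == NULL) return 0;
    n = strlen(s);
    if (n == 0 || n > PASSWD_MAX) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        int alnum = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
                    (c >= 'a' && c <= 'z');
        if (!alnum && strchr(extra, c) == NULL) return 0; /* ; | & $ ` space ... */
    }
    return 1;
}

/* Hypothetical helper invocation: the password travels as one argv element,
 * so no shell ever parses it. 'helper' and 'user' are chosen by the caller,
 * never by the request. Returns the helper's exit status, 127 if the exec
 * fails, or -1 if the value is rejected or fork/wait fails. */
int set_admin_passwd(const char *helper, const char *user, const char *passwd) {
    int status;
    pid_t pid;
    if (helper == NULL || user == NULL || !passwd_is_safe(passwd)) return -1;
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = {(char *)helper, (char *)user, (char *)passwd, NULL};
        execv(helper, argv); /* no system()/popen(), no "sh -c" */
        _exit(127);          /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The allowlist alone blocks the semicolon payload; dropping the shell removes the injection point even if the character policy is later relaxed.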
