UTT 进取 521G Command Injection Vulnerability Allowing Remote Code Execution
Vulnerability
A command injection vulnerability has been identified in the UTT 进取 521G router, specifically in the web management interface. This issue arises in the setSysAdm function within the /goform/setSysAdm endpoint, where user input from the passwd1 parameter is not properly validated. As a result, an attacker can manipulate this parameter to inject and execute arbitrary commands on the device. The vulnerability is present in the firmware version 3.1.1-190816, and exploitation can be performed remotely, with the attacker gaining full root privileges on the affected system.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the affected device, with the executed commands being run with root privileges.
Reproduction
To reproduce this vulnerability, log into the device via Telnet. Once connected, send a POST request to the /goform/setSysAdm endpoint. Include the passwd1 parameter in the request and manipulate it to inject a command, such as 'touch /tmp/testfile'. After sending the request, check the /tmp directory to verify if the injected command was executed by confirming the presence of the test file.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.