Comfast CF-E4 Command Injection Vulnerability in NTP Timezone Configuration
Vulnerability
A command injection vulnerability exists in the Comfast CF-E4 WiFi router, specifically in the web management interface of version 2.6.0.1. The issue arises within the '/cgi-bin/mbox-config' endpoint when handling POST requests for the 'ntp_timezone' section. The vulnerability allows authenticated attackers to execute arbitrary commands with root privileges by injecting malicious characters into the 'timestr' parameter. This exploitation is possible because the device fails to properly validate user input, allowing crafted data to be executed as a system command.
Impact
Exploitation of this vulnerability allows for unauthorized command execution on the device with root privileges.
Reproduction
To reproduce this vulnerability, send a POST request to '/cgi-bin/mbox-config?method=SET§ion=ntp_timezone' with a 'timestr' parameter containing a crafted payload that includes shell metacharacters, such as semicolons or ampersands. This request must be made with an authenticated session.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.