GL-iNet GL-AR300M16 Command Injection Vulnerability in Echo Server Function

A command injection vulnerability has been identified in the GL-iNet GL-AR300M16 router running firmware version 4.3.11. The issue arises in the enable_echo_server function, where the port parameter is not properly sanitized before being used. This flaw allows attackers to execute arbitrary commands with elevated privileges by embedding malicious input that is executed via system calls.

Impact

Exploitation of this vulnerability allows for arbitrary command execution with elevated privileges on the affected device.

Reproduction

To reproduce this vulnerability, send an HTTP POST request to the router's RPC endpoint. Include a crafted payload in the 'port' parameter of the 'enable_echo_server' method. The payload can be designed to execute arbitrary commands on the device. Make sure to include a valid Admin-Token cookie in the request headers to authenticate as an administrator.