RustFly Command Injection Vulnerability in Remote UI Control
Vulnerability
A command injection vulnerability has been identified in RustFly version 2.0.0. The issue arises in the remote UI control mechanism, which accepts hex-encoded instructions over UDP port 5005 without adequate sanitization. This flaw allows attackers to send crafted payloads containing system commands that can be executed on the target system. Exploitation of this vulnerability could lead to unauthorized operations, such as establishing a reverse shell and executing commands on the affected system.
Impact
Exploitation of this vulnerability allows for command injection, where an attacker can execute arbitrary commands on the target system. This includes the potential to establish a reverse shell, providing the attacker with remote access to the system.
Reproduction
To reproduce this vulnerability, send hex-encoded instructions over UDP port 5005 to a target running RustFly 2.0.0. The instructions can include system commands that will be executed on the target system. A PHP proof-of-concept script is available that demonstrates this exploitation by sending crafted payloads that include a PowerShell command to create a reverse shell.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.