Totolink N300RH OS Command Injection Vulnerability in Web Management Interface
Vulnerability
A pre-authentication OS command injection vulnerability has been identified in the Totolink N300RH router, version 6.1c.1353_B20190305. The vulnerability resides in the web management interface, in the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi. It allows remote attackers to inject arbitrary shell commands that are executed with root privileges on the device, without any form of authentication. This could lead to a complete compromise of the router and potentially of the network to which it is connected.
Impact
Exploitation of this vulnerability allows for remote, unauthenticated OS command execution as root, through the web management interface.
Reproduction
To reproduce this vulnerability, send an HTTP POST request to the router's web management interface with the 'webWlanIdx' parameter set to a crafted value that includes shell metacharacters. The injected command will be executed on the router with root privileges.
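A detection check for the request pattern described above, as an added example that is not part of the original advisory or vendor code. It assumes the request body is JSON or form-encoded and that a legitimate webWlanIdx is one or two digits; the sample requests are constructed, with "<cmd>" as a placeholder.

```python
import json
import re
from urllib.parse import parse_qs

CGI_PATH = "/cgi-bin/cstecgi.cgi"  # endpoint named in the advisory
PARAM = "webWlanIdx"               # parameter named in the advisory
# Assumption: a legitimate interface index is one or two digits.
# Allowlisting catches metacharacters, whitespace and newlines alike.
SAFE_VALUE = re.compile(r"\A[0-9]{1,2}\Z")

def extract_values(body):
    """Return all webWlanIdx values from a JSON or form-encoded body."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if isinstance(doc, dict):
        return [str(doc[PARAM])] if PARAM in doc else []
    # parse_qs also decodes percent-encoded values before they are checked
    return parse_qs(body, keep_blank_values=True).get(PARAM, [])

def is_suspicious(method, path, body):
    """True for a POST to the CGI whose webWlanIdx is not a plain index."""
    if method.upper() != "POST" or path.split("?", 1)[0] != CGI_PATH:
        return False
    return any(not SAFE_VALUE.match(v) for v in extract_values(body))

# Constructed sample requests (method, path, body); "<cmd>" is a placeholder.
SAMPLES = [
    ("POST", CGI_PATH, '{"webWlanIdx": "0"}'),
    ("POST", CGI_PATH, '{"webWlanIdx": "1;<cmd>"}'),
    ("POST", CGI_PATH, "webWlanIdx=1%60%3Ccmd%3E%60"),
    ("POST", CGI_PATH, "webWlanIdx=1"),
    ("GET", "/index.html", ""),
]

def flagged(samples):
    """Indices of samples that should raise an alert."""
    return [i for i, s in enumerate(samples) if is_suspicious(*s)]

if __name__ == "__main__":
    for i in flagged(SAMPLES):
        print("ALERT:", SAMPLES[i])
```

Because the flaw is pre-authentication, the check applies to every POST that reaches the management interface, not only to authenticated sessions.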
