MeiG Smart FORGE_SLT711 Unauthenticated OS Command Injection Vulnerability in GoAhead Web Server

Vulnerability

A vulnerability allowing unauthenticated OS command injection has been identified in the GoAhead web server on MeiG Smart FORGE_SLT711 devices, specifically in firmware version MDM9607.LE.1.0-00110-STD.PROD-1. The vulnerability arises from a missing authentication requirement on the '/action/SetRemoteAccessCfg' endpoint, which lets any client send JSON input that is not properly sanitized before being incorporated into a shell command. The injected command runs with root privileges.

Impact

Exploitation of this vulnerability leads to unauthorized execution of arbitrary commands on the device with root privileges.

Reproduction

The vulnerability can be reproduced by sending an unauthenticated POST request to the '/action/SetRemoteAccessCfg' endpoint with a JSON payload whose 'password' field contains shell metacharacters. The GoAhead web server passes this value into a shell command without validation or escaping, so the shell interprets the injected content as additional commands. Because the web server runs as root, the injected command also runs as root, giving an attacker full control of the device.
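As an added example (not code from MeiG, GoAhead or this advisory), the C below places the unsafe pattern the advisory describes beside a hardened equivalent. It assumes the 'password' value has already been extracted from the JSON body; the helper tool path, its argument name and the length limit are assumptions. The unsafe builder only constructs the command string so the concatenation problem is visible; the hardened path checks the value against a character allowlist and then passes it to the helper as its own argv element through execvp, so no shell ever parses it.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Assumed maximum length for the remote-access password. */
#define MAX_PASSWORD_LEN 64

/* Allowlist check: 1 if the value is non-empty, within the length limit and
 * made only of [A-Za-z0-9_.-]; 0 otherwise. Shell metacharacters such as
 * ';', '|', '`', '$', quotes and whitespace are all rejected. */
int remote_access_password_is_valid(const char *pw) {
    if (pw == NULL) return 0;
    size_t len = strlen(pw);
    if (len == 0 || len > MAX_PASSWORD_LEN) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)pw[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.';
        if (!ok) return 0;
    }
    return 1;
}

/* Unsafe pattern (built for comparison, never executed here): the value is
 * spliced into a command line by string concatenation, so any metacharacter
 * it carries becomes part of what the shell would run. Returns 0 on success. */
int build_shell_command_unsafe(char *out, size_t outlen, const char *pw) {
    /* "/usr/bin/set_remote_access" is a hypothetical helper path. */
    int n = snprintf(out, outlen, "/usr/bin/set_remote_access --password %s", pw);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Hardened pattern: validate first, then run the helper with execvp and an
 * argv array. The value travels as one argument and is never shell-parsed.
 * Returns the helper's exit status, or -1 on rejection or exec failure. */
int set_remote_access_password_safe(const char *tool, const char *pw) {
    if (!remote_access_password_is_valid(pw)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)tool, "--password", (char *)pw, NULL };
        execvp(tool, argv);
        _exit(127);  /* only reached if exec fails */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample values: one benign, one carrying a metacharacter. */
    const char *benign = "hunter2";
    const char *hostile = "x;id";
    char cmd[256];

    build_shell_command_unsafe(cmd, sizeof cmd, hostile);
    printf("unsafe command line: %s\n", cmd);  /* ';' is now part of the line */

    printf("validator accepts \"%s\": %d\n", benign, remote_access_password_is_valid(benign));
    printf("validator accepts \"%s\": %d\n", hostile, remote_access_password_is_valid(hostile));

    /* "true" stands in for the real helper; the hostile value never reaches exec. */
    printf("safe path with hostile value: %d\n", set_remote_access_password_safe("true", hostile));
    return 0;
}
```

The allowlist is deliberately narrow; a vendor fix would widen it only as far as the helper tool actually needs, and the argv-based exec keeps the handler safe even if the allowlist is later relaxed.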

Added: May 5, 2026, 2:19 PM
Updated: May 5, 2026, 2:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 7.5
threat: 6.5
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.