WDR201A WiFi Extender OS Command Injection Vulnerability in internet.cgi
Vulnerability
An OS command injection vulnerability has been identified in the WDR201A WiFi Extender, specifically in the internet.cgi binary of version LFMZX28040922V1.02. This vulnerability allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. The root cause is in the set_add_routing function, which concatenates the unsanitized parameter into a command string that is executed via popen(); some of the command output is reflected in the HTTP response.
Impact
Exploitation of this vulnerability allows for unauthorized remote execution of shell commands on the affected device.
Reproduction
The vulnerability can be reproduced by sending a POST request to the internet.cgi script with the gateway parameter set to a crafted value that includes the desired shell command. The command will be executed on the device, and the output can be captured and reflected back in the HTTP response.
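For firmware maintainers, the fix for the concatenation flaw in set_add_routing described above is to validate the gateway value strictly and to pass it as a single argument to an exec-style call instead of a shell string given to popen(). The following is an added example, not code from the vendor firmware or the original advisory; the route command, its argument layout and the function names are assumptions, since the page does not show the command that set_add_routing builds.

```c
/* Added example: hardened handling of the "gateway" POST parameter.
 * The route command and its argv layout are assumptions; the page does not
 * show the command that set_add_routing builds. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Accept only a strict dotted-quad IPv4 address; anything else is rejected,
 * including shell metacharacters, whitespace and trailing data. */
int gateway_is_valid(const char *s)
{
    struct in_addr addr;

    if (s == NULL || strlen(s) > 15)   /* "255.255.255.255" is 15 chars */
        return 0;
    return inet_pton(AF_INET, s, &addr) == 1;
}

/* Build an argument vector for execv()/posix_spawn() so that no shell ever
 * parses the value. Returns the argument count, or -1 if input is rejected. */
int build_route_argv(const char *gateway, const char *args[], size_t cap)
{
    if (cap < 6 || !gateway_is_valid(gateway))
        return -1;
    args[0] = "route";      /* hypothetical command, see header comment */
    args[1] = "add";
    args[2] = "default";
    args[3] = "gw";
    args[4] = gateway;      /* passed as one argument, never interpreted */
    args[5] = NULL;
    return 5;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the page. */
    const char *samples[] = { "192.168.1.1", "192.168.1.1; echo test",
                              "$(echo test)", "" };
    const char *args[6];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = build_route_argv(samples[i], args, 6);
        printf("%-26s -> %s\n", samples[i], n < 0 ? "rejected" : "accepted");
    }
    return 0;
}
```

Validation alone would already block the injection, but keeping the shell out of the call path means a later regression in the validator does not reopen command execution.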
