WDR201A WiFi Extender OS Command Injection Vulnerability in adm.cgi Reboot Function
Vulnerability
A command injection vulnerability has been identified in the WDR201A WiFi Extender, specifically in the adm.cgi binary's reboot_time function. This vulnerability allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the reboot_time POST parameter. The issue arises when the reboot_enabled parameter is set to 1, enabling the execution of injected commands, which can lead to remote code execution.
Impact
Exploitation of this vulnerability allows for unauthorized remote code execution on the affected device.
Reproduction
To reproduce this vulnerability, send a POST request to the adm.cgi script with the reboot_enabled parameter set to 1 and include injected shell commands in the reboot_time parameter. The injected commands will be executed on the device, demonstrating the command injection and resulting remote code execution.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.