Totolink WA300 OS Command Injection Vulnerability Allowing Unauthenticated Remote Code Execution

Vulnerability

A critical vulnerability exists in the Totolink WA300 router running firmware version 5.2cu.7112_B20190227. The 'recvUpgradeNewFw' function in the '/cgi-bin/cstecgi.cgi' file includes user-supplied input in system commands without properly validating it. The result is an OS command injection vulnerability that allows remote code execution with root privileges, without the need for authentication.

Impact

Exploitation of this vulnerability leads to unauthorized remote code execution with root privileges on the affected device.

Reproduction

To reproduce this vulnerability, send a crafted JSON request to the 'setting/recvUpgradeNewFw' function of the Totolink WA300 router running the vulnerable firmware. The request should include parameters that exploit the lack of input validation, allowing for the injection of malicious OS commands that will be executed with root privileges.
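
A defender-side triage check for the request described above, as an added example that is not part of the original advisory: it flags POSTs to '/cgi-bin/cstecgi.cgi' that name 'recvUpgradeNewFw' and carry shell metacharacters in any JSON string. The JSON field names, the sample requests and the 'review'/'alert' levels are constructed assumptions; the advisory does not name the affected parameter.

```python
import json
import re

# Endpoint and handler name are from the advisory; all else here is constructed.
CGI_PATH = "/cgi-bin/cstecgi.cgi"
HANDLER = "recvUpgradeNewFw"
# Shell command separators, substitution and redirection characters.
SHELL_META = re.compile(r"[;&|`$<>\n\r]")

# Constructed sample requests (method, path, body); field names are placeholders.
SAMPLES = [
    ("POST", CGI_PATH, '{"topic": "setting/recvUpgradeNewFw", "field": "fw.bin"}'),
    ("POST", CGI_PATH, '{"topic": "setting/recvUpgradeNewFw", "field": "fw.bin;echo test"}'),
    ("POST", CGI_PATH, '{"topic": "setting/other", "field": "a;b"}'),
    ("GET", "/index.html", ""),
]


def strings(node):
    """Yield every key and string value found anywhere in decoded JSON."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield key
            yield from strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from strings(value)


def classify(method, path, body):
    """Return 'ignore', 'review' or 'alert' for one captured request (body is str)."""
    if method != "POST" or path.split("?", 1)[0] != CGI_PATH:
        return "ignore"
    try:
        found = list(strings(json.loads(body)))
    except ValueError:
        # Body is not valid JSON: fall back to a raw match on the handler name.
        return "review" if HANDLER in body else "ignore"
    if not any(HANDLER in s for s in found):
        return "ignore"
    # Any call to the upgrade handler deserves a look; metacharacters in a
    # string raise it to an alert (a URL containing '&' can be a false positive).
    if any(SHELL_META.search(s) for s in found):
        return "alert"
    return "review"
```

Run `classify` over request records exported from a proxy or packet capture in front of the device; the router itself does not need to be touched.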

Added: Mar 20, 2026, 7:21 PM
Updated: Mar 20, 2026, 7:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 4.2
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.