module
Netis router MW5360 unauthenticated RCE.
| Disclosed | Created |
|---|---|
| 01/11/2024 | 06/24/2024 |
Disclosed
01/11/2024
Created
06/24/2024
Description
Netis router MW5360 has a command injection vulnerability via the password parameter on the login page.
The vulnerability stems from improper handling of the "password" parameter within the router's web interface.
The router's login page authorization can be bypassed by simply deleting the authorization header,
leading to the vulnerability. All router firmware versions up to `V1.0.1.3442` are vulnerable.
Attackers can inject a command in the 'password' parameter, encoded in base64, to exploit the command injection
vulnerability. When exploited, this can lead to unauthorized command execution, potentially allowing the attacker
to take control of the router.
The vulnerability stems from improper handling of the "password" parameter within the router's web interface.
The router's login page authorization can be bypassed by simply deleting the authorization header,
leading to the vulnerability. All router firmware versions up to `V1.0.1.3442` are vulnerable.
Attackers can inject a command in the 'password' parameter, encoded in base64, to exploit the command injection
vulnerability. When exploited, this can lead to unauthorized command execution, potentially allowing the attacker
to take control of the router.
Authors
h00die-gr3y Adhikara13
Platform
Linux
Architectures
mipsle
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/linux/http/netis_unauth_rce_cve_2024_22729
msf /(9) > show actions
...actions...
msf /(9) > set ACTION < action-name >
msf /(9) > show options
...show and set options...
msf /(9) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.