module
TOTOLINK Wireless Routers unauthenticated remote command execution vulnerability.
| Disclosed | Created |
|---|---|
| 2023-05-05 | 2023-09-21 |
Disclosed
2023-05-05
Created
2023-09-21
Description
Multiple TOTOLINK network products contain a command insertion vulnerability in setting/setTracerouteCfg.
This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.
After exploitation, an attacker will have full access with the same user privileges under
which the webserver is running (typically as user `root`, ;-).
The following TOTOLINK network products and firmware are vulnerable:
- Wireless Gigabit Router model X5000R with firmware X5000R_V9.1.0u.6118_B20201102.zip;
- Wireless Gigabit Router model A7000R with firmware A7000R_V9.1.0u.6115_B20201022.zip;
- Wireless Gigabit Router model A3700R with firmware A3700R_V9.1.2u.6134_B20201202.zip;
- Wireless N Router model N200RE V5 with firmware N200RE_V5_V9.3.5u.6095_B20200916.zip;
- Wireless N Router model N200RE V5 with firmware N200RE_V5_V9.3.5u.6139_B20201216.zip;
- Wireless N Router model N350RT with firmware N350RT_V9.3.5u.6095_B20200916.zip;
- Wireless N Router model N350RT with firmware N350RT_V9.3.5u.6139_B20201216.zip;
- Wireless Extender model EX1200L with firmware EX1200L_V9.3.5u.6146_B20201023.zip; and
- probably more looking at the scale of impacted devices :-(
This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.
After exploitation, an attacker will have full access with the same user privileges under
which the webserver is running (typically as user `root`, ;-).
The following TOTOLINK network products and firmware are vulnerable:
- Wireless Gigabit Router model X5000R with firmware X5000R_V9.1.0u.6118_B20201102.zip;
- Wireless Gigabit Router model A7000R with firmware A7000R_V9.1.0u.6115_B20201022.zip;
- Wireless Gigabit Router model A3700R with firmware A3700R_V9.1.2u.6134_B20201202.zip;
- Wireless N Router model N200RE V5 with firmware N200RE_V5_V9.3.5u.6095_B20200916.zip;
- Wireless N Router model N200RE V5 with firmware N200RE_V5_V9.3.5u.6139_B20201216.zip;
- Wireless N Router model N350RT with firmware N350RT_V9.3.5u.6095_B20200916.zip;
- Wireless N Router model N350RT with firmware N350RT_V9.3.5u.6139_B20201216.zip;
- Wireless Extender model EX1200L with firmware EX1200L_V9.3.5u.6146_B20201023.zip; and
- probably more looking at the scale of impacted devices :-(
Authors
h00die-gr3y h00die.gr3y@gmail.com
Kazamayc https://github.com/Kazamayc
Kazamayc https://github.com/Kazamayc
Platform
Linux,Unix
Architectures
cmd, mipsle
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.