TOTOLINK Wireless Routers unauthenticated remote command execution vulnerability.
Description
Multiple TOTOLINK network products contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. After exploitation, an attacker will have full access with the same user privileges under which the webserver is running (typically as user `root`, ;-). The following TOTOLINK network products and firmware are vulnerable: - Wireless Gigabit Router model X5000R with firmware X5000R_V9.1.0u.6118_B20201102.zip; - Wireless Gigabit Router model A7000R with firmware A7000R_V9.1.0u.6115_B20201022.zip; - Wireless Gigabit Router model A3700R with firmware A3700R_V9.1.2u.6134_B20201202.zip; - Wireless N Router model N200RE V5 with firmware N200RE_V5_V9.3.5u.6095_B20200916.zip; - Wireless N Router model N200RE V5 with firmware N200RE_V5_V9.3.5u.6139_B20201216.zip; - Wireless N Router model N350RT with firmware N350RT_V9.3.5u.6095_B20200916.zip; - Wireless N Router model N350RT with firmware N350RT_V9.3.5u.6139_B20201216.zip; - Wireless Extender model EX1200L with firmware EX1200L_V9.3.5u.6146_B20201023.zip; and - probably more looking at the scale of impacted devices :-(
Author(s)
- h00die-gr3y <h00die.gr3y@gmail.com>
- Kazamayc https://github.com/Kazamayc
Platform
Linux,Unix
Architectures
cmd, mipsle
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/linux/http/totolink_unauth_rce_cve_2023_30013
msf exploit(totolink_unauth_rce_cve_2023_30013) > show targets
...targets...
msf exploit(totolink_unauth_rce_cve_2023_30013) > set TARGET < target-id >
msf exploit(totolink_unauth_rce_cve_2023_30013) > show options
...show and set options...
msf exploit(totolink_unauth_rce_cve_2023_30013) > exploit
- Collect and share all the information you need to conduct a successful and efficient penetration test
- Simulate complex attacks against your systems and users
- Test your defenses to make sure they’re ready
- Automate Every Step of Your Penetration Test
Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.
– Jim O’Gorman | President, Offensive Security