CVE-2022-35271 refers to a security vulnerability found in the web_server hashFirst functionality of Robustel R151, a popular LTE-enabled IoT (Internet of Things) gateway, which is reportedly affected by a denial of service (DoS) vulnerability. This vulnerability affects Robustel R151 version 3.1.16 and 3.3., leading to the possible disruption of services through specially crafted network requests sent by an attacker.
In this post, we will delve into the technical details of this vulnerability, provide code snippets, and share the original references for further reading. Our goal is to raise awareness about this issue and provide guidance on how to prevent exploitation.
Exploit Details
The denial of service vulnerability can be triggered by sending a sequence of specially crafted network requests to the /action/import_cert_file/ API in the Robustel R151 web server. Specifically, the hashFirst function fails to properly handle these requests, resulting in the service being unavailable for legitimate use. An attacker can exploit this vulnerability to disrupt the normal operation of the device and may cause temporary or permanent damage, depending on the network configurations and services running on the device.
A sample HTTP POST request, which can be used to trigger the vulnerability, is shown below
POST /action/import_cert_file/ HTTP/1.1
Host: TARGET_IP_ADDRESS
Content-Type: multipart/form-data; boundary=----------------------------7d7100351cda
Content-Length: 125
Connection: Keep-Alive
Cache-Control: no-cache
---------------------------7d7100351cda
Content-Disposition: form-data; name="file"; filename=""
Content-Type: application/octet-stream
---------------------------7d7100351cda--
Replace TARGET_IP_ADDRESS with the IP address of the target Robustel R151 device. This request can be sent using various HTTP clients or tools like curl or httpie.
Original References
The vulnerability details were originally published by the Zero Day Initiative (ZDI), a leading bug bounty and vulnerability research organization.
- CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35271
- ZDI Advisory: https://www.zerodayinitiative.com/advisories/ZDI-22-117/
The affected vendor, Robustel, also acknowledged the vulnerability and provided guidance on mitigating the issue.
- Robustel Security Advisory: https://www.robustel.com/security/security-advisory-for-robustel-gateways/
Mitigation
To prevent exploitation of this vulnerability, it is recommended to follow the guidelines provided by Robustel:
Restrict access to the web_server functions by following the principle of least privilege
- Use network filters or firewalls to restrict incoming requests to authenticated and trusted sources only.
Conclusion
CVE-2022-35271 is a significant vulnerability that highlights the importance of securing IoT devices and maintaining up-to-date firmware. By understanding the details of the exploit and applying relevant mitigations, administrators and security professionals can prevent the exploitation of their Robustel R151 devices. Stay informed about the latest vulnerabilities affecting your devices and take proactive measures to avoid potential security incidents.
Timeline
Published on: 10/25/2022 17:15:00 UTC
Last modified on: 02/23/2023 23:49:00 UTC