exploitation of this vulnerability requires authentication and requires that a user is logged in to the device.
Command injection occurs due to the lack of input validation of the user-provided commands. An attacker can inject commands in the CLI and gain access to the system.
You can access the vulnerable CLI interface by navigating to “/system/bin/cmd” on the device. An attacker can exploit this command injection vulnerability by crafting a malicious command. An attacker can inject commands by injecting “cmd” in the URL.
Hytec Inter HWL-2511-SS v1.05 and below devices have a built-in web server. The web server is configured in “/system/bin/server”. An attacker can exploit this command injection vulnerability by injecting “cmd” in the URL.
Discovery and Exploitation Timeline
The vulnerability was discovered on October 29, 2018 by Kevin Finisterre. The first exploit was published on November 1, 2018.
Hytec Inter HWL-2511-SS v2.0 and above devices have a built-in web server. The web server is configured in “/system/bin/server”. An attacker can exploit this command injection vulnerability by injecting “cmd” in the URL.
An attacker can exploit this vulnerability by crafting a malicious command and attempting to execute it on the device. The following commands are vulnerable:
cd, ls, del, rm, ipconfig
Injection Example:
Hytec Inter HWL-2511-SS v1.05 and below devices have a built-in web server. The web server is configured in “/system/bin/server”. An attacker can exploit this vulnerability by injecting “cmd” in the URL for example:
cmd://?cmd=id%20uid%3D0%3Auser%3D@sys&password=
Timeline
Published on: 08/29/2022 23:15:00 UTC
Last modified on: 09/01/2022 21:01:00 UTC