Within the affected devices, a request would be received to the command injection site to ping the value of “80”. The request would be processed and sent to the target server where an “OK” response would be received. The command injection site would then close the connection. An attacker would be able to send commands to the device via the “OK” response. The following is a list of commands that can be sent to the device. - shutdown - enable - disable - reboot - sig_send - wps_pin - wps_pass - wps_key - wps_ver - wps_sps - wps_url - wps_file - wps_reg - wps_reghd - wps_reghw - wps_reghs - wps_reghl - wps_reght - wps_reghj - wps_reghk - wps_reghj - wps_reghl - wps_reght - wps_reghj - wps_reghk - wps_reghj - wps_reghl - wps_reght - wps_reghj - wps_reghk - wps_reghj - wps_reghl - wps_reght - wps_reghj - wps_regh
Vulnerable / tested firmware version
The affected devices have all the same firmware version.
wps_reg Command
The following is a list of commands that can be sent to the device. - shutdown - enable - disable - reboot - sig_send - wps_pin - wps_pass - wps_key - wps_ver - wps_sps - wps_url - wps_file
Timeline
Published on: 08/29/2022 23:15:00 UTC
Last modified on: 09/02/2022 18:59:00 UTC