CVE-2022-42221 The R6400 v1.1.0.114_1.0.1 router has an Incorrect Access Control vulnerability, which is a command injection vulnerability.
If a user is logged in to the router with the root account, a specially crafted URL can be sent to the device, which will then execute the given command. For example, the following URL can be sent to the router to exploit the vulnerability and exfiltrate the device’s configuration: http://192.168.1.1/cgi-bin/admin/config_view.cgi?config_file=config.ini&config_section=system&config_value=junk&config_view=option&config_view_sort=option&config_view_dir=option&config_view_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir_
Solution
A router can be fixed by unplugging it, resetting the device to default settings, and then plugging it back in.
If you're a user of a router or any other device, this particular vulnerability is not for you. You should also know that there is no easy fix for this vulnerability. Instead, your device should be replaced.
User Management Vulnerability
CVE-2022-42221 is a router user management vulnerability. If a user with the root account is logged in, a specially crafted URL can be sent to the device and it will execute the given command. For example, the following URL can be sent to the router to trigger an unauthorized reboot: http://192.168.1.1/cgi-bin/admin/config_view.cgi?config_file=config.ini&config_section=system&config_value=junk&config_view=option&config_view_sort=option&config_view_dir=option&config_view_regex=&config_view_dir_regex=&config_view_dir_regex=&config_view_dir2
Timeline
Published on: 10/17/2022 16:15:00 UTC
Last modified on: 10/19/2022 04:27:00 UTC