Submit #423561: Mitrastar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26 OS Command Injectioninfo

TitleMitrastar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26 OS Command Injection
DescriptionMitrastar router is vulnerable to a authenticated remote code execution in the firewall settings page. It is a blind command injection. The "SrcInterface" was tested and it is vulnerable. It is possible to run a ping command in the router. Run tcpdump in the other end and see the packets being received. It is possible to send a netcat to the router and execute a reverse shell. The privileges obtained is full (root).
Source⚠️ https://github.com/peritocibernetico/VivoCodeExecutionFirewall/
User
 peritocibernetico (UID 74140)
Submission10/14/2024 06:35 PM (2 months ago)
Moderation10/15/2024 08:00 AM (13 hours later)
StatusAccepted
VulDB Entry280344 [MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26 Firewall Settings Page settings-firewall.cgi SrcInterface os command injection]
Points19

Do you want to use VulDB in your project?

Use the official API to access entries easily!