CVE-2023-33381-MitraStar-GPT-2741GNAC
CVE-2023-33381: OS command injection on MitraStar GPT-2741GNAC
Device: GPT-2741GNAC
Firmware Version: AR_g5.8_110WVN0b7_2
Vulnerability Description:
When logging in via SSH, I found that the device drops the user into a restricted shell instead of the expected full shell.
After exploring several known vulnerabilities, I decided to look for new ones. To begin, I logged into the administrative portal and started testing the functions that could plausibly lead to OS command injection. Within the Diagnostic menu, I came across a feature that tests connectivity using the ping and traceroute commands.
So I tried something sneaky: I appended a ";" character to my command, followed by "cat /etc/passwd", and guess what? The command ran successfully.
As the image below shows, this modification let me log in and freely execute commands such as "uname" and "cat".
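The root cause is that the diagnostic target is concatenated into a shell command line. The following is an added example, not the device's firmware code: a Python sketch of a ping handler written the way the vulnerable feature behaves, beside a hardened version that validates the target as an IP address or hostname and passes it as an argv element so no shell ever parses it. The function names and the hostname pattern are my own.

```python
import ipaddress
import re
import subprocess

# Constructed example: not the MitraStar GPT-2741GNAC firmware's handler.
# RFC 1123-style hostname: labels of letters, digits and inner hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)
SHELL_META = set(";|&`$()<>\n\r")


def vulnerable_ping_command(target: str) -> str:
    """The flawed pattern: the user-supplied target is pasted into a string
    that is later handed to a shell (system(), sh -c). A ';' terminates the
    ping command and whatever follows runs as a second command."""
    return f"ping -c 1 {target}"


def looks_like_injection(target: str) -> bool:
    """Cheap detection hook for logging/alerting on diagnostic requests."""
    return any(ch in SHELL_META for ch in target)


def is_valid_target(target: str) -> bool:
    """Allow-list check: a literal IPv4/IPv6 address or a plain hostname.
    Neither form can contain shell metacharacters or start with '-'."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        pass
    return HOSTNAME_RE.fullmatch(target) is not None


def hardened_ping_argv(target: str) -> list[str]:
    """Validate first, then build an argv list. Each element reaches ping
    as one argument via execve; ';', '|' and '&&' are just bytes."""
    if not is_valid_target(target):
        raise ValueError(f"rejected diagnostic target: {target!r}")
    return ["ping", "-c", "1", target]


def run_diagnostic(target: str, timeout: float = 5.0) -> subprocess.CompletedProcess:
    # shell=False is the point: no shell is ever involved in parsing the target.
    return subprocess.run(hardened_ping_argv(target), shell=False,
                          capture_output=True, text=True, timeout=timeout)
```

`run_diagnostic` actually sends a ping, so call it only against a host you control; the validation and argv construction can be exercised without network access.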