Headline
CVE-2023-26866: GitHub - lionelmusonza/CVE-2023-26866
GreenPacket OH736’s WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover.
CVE-2023-26866****Description
GreenPacket OH736’s WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover. The vulnerability has been validated by Lionel Musonza.
Vulnerability Type
CWE-77 Improper Neutralization of Special Elements used in a Command (‘Command Injection’) cwe source acceptance level NIST CWE-94 Improper Control of Generation of Code (‘Code Injection’)
Vendor of Product
GreenPacket
Affected Product Code Base
OH736’s WR-1200 IDU - M-IDU-1.6.0.3_V1.1 OT-235 - MH-46360-2.0.3-R5-GP
Affected Component
Engineer user’s command tool in the ruoter’s web utility.
Attack Type
Context-dependent
Impact Code execution
True
Impact Denial of Service
True
Impact Escalation of Privileges
True
Impact Information Disclosure
True
Has vendor confirmed or acknowledged the vulnerability?
No, no response from vendor.
Discoverer
Lionel Musonza
Timeline