CVE-2023-26866

Description

GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover. The vulnerability has been validated by Lionel Musonza.

Vulnerability Type

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') cwe source acceptance level NIST CWE-94 Improper Control of Generation of Code ('Code Injection')

Vendor of Product

GreenPacket

Affected Product Code Base

OH736's WR-1200 IDU - M-IDU-1.6.0.3_V1.1 OT-235 - MH-46360-2.0.3-R5-GP

Affected Component

Engineer user's command tool in the ruoter's web utility.

Attack Type

Context-dependent

Impact Code execution

True

Impact Denial of Service

True

Impact Escalation of Privileges

True

Impact Information Disclosure

True

Has vendor confirmed or acknowledged the vulnerability?

No, no response from vendor.

Discoverer

Lionel Musonza

lionelmusonza/CVE-2023-26866

CVE-2023-26866

Description

Vulnerability Type

Vendor of Product

Affected Product Code Base

Affected Component

Attack Type

Impact Code execution

Impact Denial of Service

Impact Escalation of Privileges

Impact Information Disclosure

Has vendor confirmed or acknowledged the vulnerability?

Discoverer

Timeline