Multiple TOTOLINK network products contain a command insertion vulnerability in setting/setTracerouteCfg.
This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.
After exploitation, an attacker will have full access with the same user privileges under
which the webserver is running (typically as user `root`, ;-).
The following TOTOLINK network products and firmware are vulnerable:
- Wireless Gigabit Router model X5000R with firmware X5000R_V9.1.0u.6118_B20201102.zip;
- Wireless Gigabit Router model A7000R with firmware A7000R_V9.1.0u.6115_B20201022.zip;
- Wireless Gigabit Router model A3700R with firmware A3700R_V9.1.2u.6134_B20201202.zip;
- Wireless N Router model N200RE V5 with firmware N200RE_V5_V9.3.5u.6095_B20200916.zip;
- Wireless N Router model N200RE V5 with firmware N200RE_V5_V9.3.5u.6139_B20201216.zip;
- Wireless N Router model N350RT with firmware N350RT_V9.3.5u.6095_B20200916.zip;
- Wireless N Router model N350RT with firmware N350RT_V9.3.5u.6139_B20201216.zip;
- Wireless Extender model EX1200L with firmware EX1200L_V9.3.5u.6146_B20201023.zip; and
- probably more looking at the scale of impacted devices :-(
msf > use exploit/linux/http/totolink_unauth_rce_cve_2023_30013
msf exploit(totolink_unauth_rce_cve_2023_30013) > show targets
...targets...
msf exploit(totolink_unauth_rce_cve_2023_30013) > set TARGET < target-id >
msf exploit(totolink_unauth_rce_cve_2023_30013) > show options
...show and set options...
msf exploit(totolink_unauth_rce_cve_2023_30013) > exploit
Vulmon