Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Backdoor Jailbreak

Posted by deepcore on July 17, 2018 – 11:35 pm

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have a web shell application that includes a service called Microhard Sh that is documented only as ‘reserved for internal use’. This service can be enabled by an authenticated user within the Services menu in the web admin panel. This can also be enabled via CSRF attack. When the service is enabled, a user ‘msshc’ is created on the system with password ‘msshc’ for SSH shell access on port 22. When connected, the user is dropped into a NcFTP jailed environment, that has limited commands for file transfer administration. One of the commands is a custom added ‘ping’ command that has a command injection vulnerability that allows the attacker to escape the restricted environment and enter into a root shell terminal that can execute commands as the root user. Many versions are affected.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Nanopool Claymore Dual Miner APIs Remote Code Execution Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Open Redirect »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Backdoor Jailbreak

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL