Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection

Posted by deepcore on October 12, 2021 – 6:27 pm

Cypress Solutions CTM-200 wireless gateway version 2.7.1 suffers from an authenticated semi-blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the ‘ctm-config-upgrade.sh’ script leveraging the ‘fw_url’ POST parameter used in the cmd upgreadefw as argument, called by ctmsys() as pointer to execv() and make_wget_url() function to the wget command in /usr/bin/cmdmain ELF binary.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection Cypress Solutions CTM-200/CTM-ONE Hard-Coded Credentials Remote Root »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL