(CVE-2021-35404) Prolink PRC2402M applogin.cgi sys_login1 Authenticated Command Injection Vulnerability

CVE: CVE-2021-35404
Tested Versions: Prolink PRC2402M 20190909
Product URL(s): https://prolink2u.com/
Description of the vulnerability
This vulnerability is present as there are no checks on user input taken by applogin.cgi, which is passed to system, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. Authentication is required to exploit this vulnerability. The router makes GET requests through HTML forms to interact with the cgi scripts....

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-2021-35406) Prolink PRC2402M login.cgi sys_login1 Authenticated Command Injection Vulnerability

CVE: CVE-2021-35406
Tested Versions: Prolink PRC2402M 20190909
Product URL(s): https://prolink2u.com/
Description of the vulnerability
This vulnerability is present as there are no checks on user input taken by applogin.cgi, which is passed to system, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. Authentication is required to exploit this vulnerability. The router makes POST requests through HTML forms to interact with the cgi scripts....

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-2021-35406) Prolink PRC2402M qos.cgi qos_settings Un-authenticated Command Injection Vulnerability

CVE: CVE-2021-35406
Tested Versions: Prolink PRC2402M 20190909
Product URL(s): https://prolink2u.com/
Description of the vulnerability
This vulnerability is present as there are no checks on user input taken by qos.cgi, which is passed to system, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes POST requests through HTML forms to interact with the cgi scripts....

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-2021-35407) Prolink PRC2402M mesh.cgi get_upgrade_page Un-authenticated Command Injection Vulnerability

CVE: CVE-2021-35407
Tested Versions: Prolink PRC2402M 20190909
Product URL(s): https://prolink2u.com/
Description of the vulnerability
This vulnerability is present as there are no checks on user input taken by mesh.cgi, which is passed to popen, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes GET requests to interact with the cgi scripts....

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-2021-35409) Prolink PRC2402M nightled.cgi SetNightLed Un-authenticated Command Injection Vulnerability

CVE: CVE-2021-35409
Tested Versions: Prolink PRC2402M 20190909
Product URL(s): https://prolink2u.com/
Description of the vulnerability
This vulnerability is present as there are no checks on user input taken by nightled.cgi, which is passed to system, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes GET requests to interact with the cgi scripts....

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-2021-30836) WebKit WebCore::AudioNode::disconnect null pointer reference

CVE: CVE-2021-30836
Tested Versions: webkitGTK2.32.0
Product URL(s): https://webkit.org/
Description of the vulnerability
In order to show how we can reproduce it, let’s open poc.html in webkitgtk version 2.32.0 within Ubuntu. Alternatively, you may want to use my docker script to build.

Source code of build.sh

    docker build . -t webkit_asan
    docker run -it --name=webkit2.32.0 webkit_asan /bin/bash

Source code of Dockerfile

    FROM ubuntu:18.04
    MAINTAINER mipu94
    RUN echo ${WEBKIT_VERSION}
    ARG DEBIAN_FRONTEND=noninteractive
    RUN apt-get -y update && \
        apt-get install -y wget \
        cmake \
        bison \
        git \
        unzip \
        xz-utils \
        apache2 \
        llvm-7 \
        clang-7 \
        libclang-7-dev \
        tzdata \
        sed \
        ruby
    WORKDIR /root/
    # install ninja
    RUN wget https://github....

June 9, 2021 · 3 min · Ta Dinh Sung

(CVE-2021-35402) Prolink PRC2402M live_api.cgi satellist_list Un-authenticated Command Injection Vulnerability

CVE: CVE-2021-35402
Tested Versions: Prolink PRC2402M 20190909
Product URL(s): https://prolink2u.com/
Description of the vulnerability
This vulnerability is present as there are no checks on user input taken by live_api.cgi, which is passed to system, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes GET requests to interact with the cgi scripts....

June 9, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)