Several network devices have been found to contain potentially dangerous vulnerabilities that allow code execution or unauthorized management access:
- In the J-Web web interface of the Juniper SRX series and the Juniper EX series, which are built on Junos OS, there is a vulnerability (CVE-2023-36845) that enables reading the contents of any file in the system, including a file with root privileges during initial setup, or executing arbitrary PHP code through a request sent to the web interface without authentication. An example request that calls the phpinfo() function is shown after this list.
- Three vulnerabilities have been found in the ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U wireless routers (CVE-2023-39238, CVE-2023-39239, CVE-2023-39240), which are caused by the lack of proper input validation in the CGI scripts of the web interface. These vulnerabilities allow remote code execution without authentication.
- There are 95 vulnerabilities in the D-Link DIR-3040, DAP-1325, and DAP-2622 routers (CVE-2023-35724 through CVE-2023-34756, CVE-2023-37310 through CVE-2023-37326, CVE-2023-41188 through CVE-2023-41230), 79 of which allow code execution with root privileges through a network request without authentication.
- A vulnerability (CVE-2023-4498) has been discovered in the Tenda N300 Wireless N VDSL2 wireless router that enables remote access to the web management interface without authentication: when keywords from the whitelist are included in the request path, the request is executed without authentication.
- There are vulnerabilities in the Netgear RAX30 routers (CVE-2023-40480, CVE-2023-40479) that allow code execution with root privileges through specially crafted data sent over DHCP and UPnP. These vulnerabilities arise because external data is not validated before being passed as arguments to the system() function. Additionally, there is a vulnerability in Netgear Orbi
Curl "https://10.12.72.1/?phprc=/dev/fd/0" --data-binary $ 'allow_url_include = 1 nauto_prepend_file = "Data:/Text/Plain; Base64 , PD8KICAGCHWAW5MBYGPOWO/PG == "'
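A defender-side check for the request shape shown above, as an added example that is not part of the original page: it flags requests to the web interface whose query string sets PHPRC or whose body carries the php.ini directives seen in that request. The function name, the sample requests and the placeholder values are constructed for illustration, and matching the parameter name case-insensitively is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# php.ini directives named in the request shown above. A line of an HTTP
# request body that starts with one of them is not normal web-UI traffic.
INI_DIRECTIVES = re.compile(
    r"^\s*(allow_url_include|auto_prepend_file)\s*=", re.I | re.M)


def findings(target, body=""):
    """Return the reasons a request looks like PHP configuration injection,
    or an empty list if nothing matched."""
    reasons = []
    query = urlsplit(target).query
    # parse_qsl percent-decodes names, so "%50HPRC" is caught as well.
    for name, value in parse_qsl(query, keep_blank_values=True):
        # Assumption: compare case-insensitively so variants are reported too.
        if name.strip().upper() == "PHPRC":
            reasons.append(f"query sets PHPRC to {value!r}")
    for match in INI_DIRECTIVES.finditer(body):
        reasons.append(
            f"body carries php.ini directive {match.group(1).lower()}")
    return reasons


# Constructed sample requests: (request target, body).
SAMPLES = [
    ("/index.php?lang=en", ""),
    ("/?phprc=/dev/fd/0",
     'allow_url_include = 1\nauto_prepend_file = "PLACEHOLDER"'),
    ("/?%50HPRC=/tmp/x", ""),
    # Directive name appears only as a form value, not as an ini line.
    ("/login.php", "user=admin&note=auto_prepend_file"),
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        hits = findings(target, body)
        print(f"{target}: {'; '.join(hits) if hits else 'clean'}")
```

Web access logs usually record the request target but not the body, so the query-string check is the part that can be run over existing logs; the body check needs a reverse proxy or packet capture that retains request bodies.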