EDB-ID: 44580 | Author: Fidus InfoSecurity | Published: 2018-03-27 | CVE: CVE-cve 2017-17020 | Type: Webapps | Platform: Hardware | Aliases: N/A | Advisory/Source: Link | Tags: N/A | Vulnerable App: N/A |
This walkthrough demonstrates just how easy it can be to find vulnerabilities in Internet of Things (IOT) devices. The process of finding the following command injection can be broken down into 3 steps that are more akin to a 100 point CTF challenge: download binary, run strings, trace input to system call to origin.
An attacker can escape the ‘sed’ command with a simple payload, such as ‘`touch a`’. Another example that fits is AdminID=a’`telnetd`’, which allows a user to login as “a”, which becomes the new root account:
Source: https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/