CVE-2019-9161

Name of the Vulnerable Software and Affected Versions Sangfor Sundray WLAN Controller versions 3.7.4.2 and earlier

Description The issue allows remote attackers to achieve full access to the system. This is due to the fact that shell metacharacters in the nginx webconsole.php Cookie header can be used to read an etc/config/wac/wns cfg admin detail.xml file containing the admin password. The password for root is the WebUI admin password concatenated with a static string.

Recommendations For Sangfor Sundray WLAN Controller versions 3.7.4.2 and earlier, update to a version later than 3.7.4.2 to resolve the issue. As a temporary workaround, consider restricting access to the nginx webconsole.php endpoint to minimize the risk of exploitation. Avoid using the Cookie header in the affected endpoint until the issue is resolved.