Chris Mack

#23607 of 53,633
10 Total CVSS
Vulnerabilities · 1
PT-2022-2960
10
2022-03-19
Unknown · Irz Mobile Routers · CVE-2022-27226
**Name of the Vulnerable Software and Affected Versions**

iRZ Mobile Routers through 2022-03-16

**Description**

A CSRF issue in "/api/crontab" allows a threat actor to create a crontab entry in the router administration panel. The cronjob will execute the entry on the threat actor's defined interval, leading to remote code execution and filesystem access. If the router's default credentials are not rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.

**Recommendations**

For iRZ Mobile Routers through 2022-03-16, consider disabling access to the "/api/crontab" endpoint until a patch is available. Additionally, ensure that default credentials are rotated and secure credentials are used to prevent remote code execution without user interaction. At the moment, there is no information about a newer version that contains a fix for this vulnerability.