PT-2021-13785 · Telus · Telus Wi-Fi Hub

Evan Grant

Published

2021-10-11

Updated

2021-10-18

CVE-2021-20122

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Telus Wi-Fi Hub (PRV65B444A-S-TS) version 3.00.20

Description: The issue is an authenticated command injection vulnerability in multiple parameters passed to the tr69 cmd.cgi endpoint. A remote attacker connected to the router's LAN and authenticated with a super user account could leverage this issue to run commands or gain a shell as root on the target device.

Recommendations: For Telus Wi-Fi Hub (PRV65B444A-S-TS) version 3.00.20, consider restricting access to the tr69 cmd.cgi endpoint until a patch is available. As a temporary workaround, avoid using parameters that could be used for command injection in the tr69 cmd.cgi endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-20122

Affected Products

Telus Wi-Fi Hub

PT-2021-13785 · Telus · Telus Wi-Fi Hub

CVE-2021-20122

Weakness Enumeration

Related Identifiers

Affected Products

References · 4