Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16, is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router.
The vulnerability results from insufficient input validation in one of the endpoints of the router's administrative panel. An attacker with access to the administrative interface can send a crafted HTTP request containing a malicious payload. Unfiltered data goes directly to the operating system command interpreter, allowing execution of arbitrary shell commands with the privileges of the process handling the request.
An attacker with access to the administrative panel can execute arbitrary commands on the device, which in practice means complete takeover of the router, ability to modify network configuration, and potential lateral movement to the internal network.
Update the KAON AR2140 router firmware to version 3.2.50 or newer (for the 3.x branch) or to version 4.2.16 or newer (for the 4.x branch). Additionally, it is recommended to restrict access to the administrative panel only to trusted IP addresses and avoid exposing the router management interface on the public network.
KAON AR2140 routers with firmware versions earlier than 3.2.50 and earlier than 4.2.16.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XKaongroup Ar2140
HWKaongroupwszystkie wersjeKaongroup Ar2140 Firmware
OSKaongroup3.2.46 – 4.2.16 (bez)