CVE-2021-40350
Description
webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authentication bypass in Christie Digital DWU850-GS V06.46 via crafted cookie allows unauthenticated attacker to create privileged accounts.
Vulnerability
The vulnerability exists in the webctrl.cgi.elf binary on Christie Digital DWU850-GS devices running firmware version V06.46. An attacker can bypass authentication by including a specific administrative cookie in a crafted HTTP request; the device does not validate the cookie, allowing unauthorized actions. [1]
Exploitation
An attacker sends a POST request to the device with a unique cookie and account credentials (e.g., username bypassadmin, password bypass). The device accepts the request without proper authentication and creates a new privileged account. The response echoes the cookie, and the attacker can then use the created account to log in. [1]
Impact
Successful exploitation grants the attacker full administrative access to the device. This can be leveraged to modify device configurations, set rogue DHCP servers, and potentially disrupt network services. [1]
Mitigation
No official fix or mitigation has been disclosed by Christie Digital as of the publication date. The vulnerability discoverer has kept the exploit vector private to prevent widespread abuse. Users should monitor for firmware updates from Christie Digital. [1]
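Until a fix is available, the request pattern described under Exploitation can be watched for at a proxy in front of the device. The following is an added example, not code from the CVE record or the vendor: it flags POSTs that present a cookie the device never issued, and it refuses to treat an echoed client-supplied cookie as issued. The log field names, the `/webctrl.cgi` path, and the sample records are assumptions constructed for illustration.

```python
import json

# Constructed sample: reverse-proxy records in front of the device's web UI.
# Field names, cookie values and the /webctrl.cgi path are assumptions.
SAMPLE_LOG = """\
{"ts": 1, "src": "10.0.0.5", "method": "POST", "path": "/webctrl.cgi", "cookie": null, "set_cookie": "sess-a1"}
{"ts": 2, "src": "10.0.0.5", "method": "POST", "path": "/webctrl.cgi", "cookie": "sess-a1", "set_cookie": null}
{"ts": 3, "src": "10.0.0.9", "method": "POST", "path": "/webctrl.cgi", "cookie": "sess-zz", "set_cookie": "sess-zz"}
{"ts": 4, "src": "10.0.0.9", "method": "GET", "path": "/index.html", "cookie": "sess-zz", "set_cookie": null}
"""


def find_unissued_cookie_posts(log_text, cgi_path="/webctrl.cgi"):
    """Return POSTs to the CGI that carry a cookie the device never issued."""
    issued = set()  # cookie values the device handed out on its own
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        sent, returned = rec.get("cookie"), rec.get("set_cookie")
        if (rec["method"] == "POST" and rec["path"] == cgi_path
                and sent and sent not in issued):
            alerts.append({
                "ts": rec["ts"],
                "src": rec["src"],
                # The record notes the response echoes the cookie; surface that.
                "cookie_echoed": returned == sent,
            })
        # A cookie counts as issued only when the client did not supply it
        # first; an echoed client-chosen value must not whitelist itself.
        if returned and returned != sent:
            issued.add(returned)
    return alerts


if __name__ == "__main__":
    for alert in find_unissued_cookie_posts(SAMPLE_LOG):
        print(alert)
```

Sessions established before the start of the log window will also be flagged, so seed the issued set from earlier logs or accept a short warm-up period.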
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Christie Digital/DWU850-GS
- Range: V06.46
Patches
No patches discovered yet.
References