CVE-2023-30404
Description
Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Aigital Wireless-N Repeater Mini_Router v0.131229 has a pre-authentication remote code execution vulnerability via the sysCmd parameter in the formSysCmd function.
Vulnerability
Aigital Wireless-N Repeater Mini_Router firmware version v0.131229 contains a remote code execution (RCE) vulnerability in the formSysCmd function, reachable via the sysCmd parameter in a crafted HTTP request. The web interface uses a time-based authentication mechanism without session cookies, allowing any user who can reach the interface to be automatically logged in after a legitimate user authenticates, effectively providing unauthenticated access to vulnerable endpoints [1].
Exploitation
An attacker with network access to the device's web interface (typically on the local network, as the repeater's default configuration exposes the web UI) can send a crafted HTTP request to the endpoint handling the formSysCmd function with a malicious sysCmd parameter. No prior authentication is required if a legitimate user has recently logged in, due to the flawed time-based session mechanism [1]. The attacker can then execute arbitrary operating system commands by injecting command strings into the sysCmd parameter.
Impact
Successful exploitation allows an attacker to execute arbitrary shell commands on the device with root privileges, leading to full compromise of the repeater. This can result in information disclosure (e.g., reading plain-text credentials from /config.dat [1]), modification of device configuration, denial of service, or use of the device as a pivot point for further network attacks.
Mitigation
No official patch or fixed version has been released by Aigital as of the publication date. Users should isolate the device on a separate network segment, restrict access to the web interface via firewall rules, or consider replacing the device if remote code execution is a critical risk. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog as of 2023-04-25.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Aigital/Wireless-N Repeater Mini_Router
- Range: v0.131229
Patches (0)
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.