CVE-2023-37058
Description
JLINK Unionman Jlink AX1800 v.1.0 lacks authentication on router APIs, allowing remote attackers to enable telnet and escalate to root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 router contains an insecure permissions vulnerability (CVE-2023-37058) in its web API layer. The router does not enforce any authentication for its API endpoints, meaning any remote user can send requests without a password [1]. The affected firmware version is v.1.0 [1].
Exploitation
An unauthenticated remote attacker can send a crafted HTTP request to the vulnerable API endpoint /web/um_telnet_set with parameters telnetEnable=1&userName=admin&userPwd=pawnp@nda69 to enable the telnet service on the device. Once telnet is enabled, the attacker can simply connect via telnet and execute the su command to escalate privileges to root [1]. No other authentication or prior access is required, and the attack is possible over the network.
Impact
Successful exploitation allows a remote unauthenticated attacker to gain root-level shell access on the affected JLINK AX1800 router. The attacker can then execute arbitrary commands with full administrative privileges, leading to complete compromise of the device's confidentiality, integrity, and availability [1].
Mitigation
As of the publication date (2024-06-17), no official firmware patch or security update has been released by the vendor JLINK Unionman Technology Co. Ltd. The vendor's website (jlink.com) does not reference a fix [2]. There is no evidence of this CVE being listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Given the widespread exposure (902 devices found via Shodan) and the trivial exploitation, users should consider isolating the device from untrusted networks or replacing it with a supported alternative.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
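A detection sketch for the request described under Exploitation, added here as an example and not taken from the CVE record or the vendor: it scans HTTP access logs from a proxy or sensor in front of the router for calls to /web/um_telnet_set. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote

TELNET_API_PATH = "/web/um_telnet_set"  # endpoint named in the CVE text

# Assumption: Apache/nginx "combined" access-log lines from a proxy or sensor.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Jun/2024:10:00:01 +0000] "GET /web/um_telnet_set?telnetEnable=1 HTTP/1.1" 200 12 "-" "-"',
    '203.0.113.9 - - [17/Jun/2024:10:02:44 +0000] "POST //web/%75m_telnet_set/ HTTP/1.1" 200 12 "-" "-"',
    '192.0.2.10 - - [17/Jun/2024:10:03:10 +0000] "GET /web/index.html HTTP/1.1" 200 512 "-" "-"',
]


def classify(line):
    """Return a finding dict if the line touches the telnet API, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None  # not a parseable access-log line
    raw_path, _, query = m["target"].partition("?")
    # Normalise percent-encoding, duplicate slashes, trailing slash and case
    # so trivially obfuscated forms of the path are still matched.
    path = re.sub(r"/+", "/", unquote(raw_path)).rstrip("/").lower()
    if path != TELNET_API_PATH:
        return None
    params = {k.lower(): v for k, v in parse_qs(query).items()}
    # "high": telnetEnable=1 is visible in the URL. "review": the endpoint was
    # called but the parameters are not in the log (e.g. sent in a body).
    enabling = params.get("telnetenable", [""])[-1] == "1"
    return {
        "src": m["src"], "method": m["method"], "status": int(m["status"]),
        "severity": "high" if enabling else "review",
    }


def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any finding, including a "review" one, is a reason to check whether telnet is now enabled on the device, since the endpoint accepts requests without authentication.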
Affected products
- JLINK Unionman Technology Co. Ltd/Jlink AX1800
- Range: =1.0
Patches
No patches discovered yet.
References
- jlink.com (mitre)