There is a command injection vulnerability in the TEW-822DRE router with firmware version 1.03B02. An attacker who gains web management privileges can inject commands into the POST request parameters ipv4_ping and ipv6_ping, which are handled by an unknown function in boa, and thereby gain shell privileges. The vulnerability can be exercised on the local intranet, or remotely if remote administration is enabled.
In the unknown function, the v3 and v4 parameters are also vulnerable to command injection: they are passed to v6, after which the system() function is called.
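One way to close this class of bug, shown as an added example that is not the firmware's code: accept the ipv4_ping / ipv6_ping value only if it parses as a literal address, and start ping with an argument array instead of system(). The function names ping_target_ok and safe_ping and the ping binary paths are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 only if value is a literal address of the given family
 * (AF_INET for ipv4_ping, AF_INET6 for ipv6_ping). inet_pton() accepts
 * no whitespace, quotes or shell metacharacters. */
int ping_target_ok(int family, const char *value)
{
    unsigned char buf[sizeof(struct in6_addr)];
    if (value == NULL || strlen(value) >= INET6_ADDRSTRLEN)
        return 0;
    return inet_pton(family, value, buf) == 1;
}

/* Runs ping through an argv array, so no shell ever parses the value
 * (unlike system()). Returns ping's exit status, or -1 if the value is
 * rejected or the process fails. Binary paths are assumed, not the device's. */
int safe_ping(int family, const char *value)
{
    const char *tool = (family == AF_INET6) ? "/bin/ping6" : "/bin/ping";
    int status;
    pid_t pid;

    if (!ping_target_ok(family, value))
        return -1;              /* rejected before any process is started */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl(tool, tool, "-c", "1", value, (char *)NULL);
        _exit(127);             /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed inputs: a literal address, then one with shell syntax. */
    printf("%d\n", ping_target_ok(AF_INET, "192.168.10.1"));
    printf("%d\n", ping_target_ok(AF_INET, "192.168.10.1; echo x"));
    return 0;
}
```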
Environment setup:
Set up the router environment through FirmAE.
Refer to pr0v3rbs/FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis (github.com) for instructions.
Finished