June 2022 - Exodus Intelligence

TP-Link WA850RE Unauthenticated Configuration Disclosure Vulnerability

June 23, 2022June 23, 2022 by Exodus Intel VRT

EIP-9098806c

A vulnerability exists within the httpd server of the TP-Link WA850RE Universal Wi-Fi Range Extender that allows remote unauthenticated attackers to download the configuration file. Retrieval of this file results in the exposure of admin credentials and other sensitive information.

Vulnerability Identifiers

Exodus Intelligence: EIP-9098806c
MITRE CVE: TBD

Vulnerability Metrics

CVSSv2 Score: 8.3

Vendor References

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to affected vendor: December 10th, 2021
Disclosed to public: June 23rd, 2022

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected].

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program (RSP).

TP-Link WA850RE Remote Command Injection Vulnerability

June 23, 2022June 23, 2022 by Exodus Intel VRT

EIP-7758d2d4

A vulnerability exists within the httpd server of the TP-Link WA850RE Universal Wi-Fi Range Extender that allows authenticated attackers to inject arbitrary commands as arguments to an execve() call due to a lack of input sanitization. Injected commands are executed with root privileges. This issue is further exacerbated when combined with the configuration leak from EIP-9098806c.

Vulnerability Identifiers

Exodus Intelligence: EIP-7758d2d4
MITRE CVE: TBD

Vulnerability Metrics

CVSSv2 Score: 7.7

Vendor References

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to affected vendor: December 10th, 2021
Disclosed to public: June 23rd, 2022

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected].

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program (RSP).

TP-Link WR940N/WR941ND Uninitialized Pointer Vulnerability

June 23, 2022June 23, 2022 by Exodus Intel VRT

EIP-9ad27c94

An uninitialized pointer vulnerability exists within TP-Link’s WR940N and WR941ND SOHO router devices specifically during the processing of UPnP/SOAP SUBSCRIBE requests. Successful exploitation allow local unauthenticated attackers the ability to execute arbitrary code under the context of the ‘root’ user.

Vulnerability Identifiers

Exodus Intelligence: EIP-9ad27c94
MITRE CVE: TBD

Vulnerability Metrics

CVSSv2 Score: 8.3

Vendor References

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to affected vendor: December 10th, 2021
Disclosed to public: June 23rd, 2022

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected].

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program (RSP).

Mitel Web Management Interface Buffer Overflow Vulnerability

June 9, 2022June 9, 2022 by Exodus Intel VRT

EIP-c4542e4d

A stack-based buffer overflow vulnerability exists within multiple Mitel product web management interfaces, including the 3300 Controller and MiVoice Business product lines. Improper handling of the ‘Lang’ query parameter allows remote unauthenticated attackers to execute arbitrary code.

Vulnerability Identifiers

Exodus Intelligence: EIP-c4542e4d
MITRE CVE: TBD

Vulnerability Metrics

CVSSv2 Score: 10.0

Vendor References

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0005

Discovery Credit

Austin Martinetti and Brett Bryant working through the our Research Sponsorship Program (RSP).

Disclosure Timeline

Disclosed to affected vendor: April 21st, 2022
Disclosed to public: June 9th, 2022

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected].

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program (RSP).

SalesAgility SuiteCRM ‘deleteAttachment’ Type Confusion Vulnerability

June 9, 2022June 9, 2022 by Exodus Intel VRT

EIP-0077b802

A type confusion vulnerability exists within SalesAgility SuiteCRM within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.

Vulnerability Identifiers

Exodus Intelligence: EIP-0077b802
MITRE CVE: Pending

Vulnerability Metrics

CVSSv2 Score: 9.7

Vendor References

https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to affected vendor: March 2nd, 2022
Disclosed to public: June 9th, 2022

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected].

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program.

SalesAgility SuiteCRM ‘export’ Request SQL Injection Vulnerability

June 9, 2022June 9, 2022 by Exodus Intel VRT

EIP-0f5d2d7f

A SQL injection vulnerability exists within SalesAgility SuiteCRM within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code.

Vulnerability Identifiers

Exodus Intelligence: EIP-0f5d2d7f
MITRE CVE: Pending

Vulnerability Metrics

CVSSv2 Score: 9.7

Vendor References

https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to affected vendor: March 2nd, 2022
Disclosed to public: June 9th, 2022

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected].

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program.

EIP-9098806c

Vulnerability Identifiers

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-7758d2d4

Vulnerability Identifiers

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-9ad27c94

Vulnerability Identifiers

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-c4542e4d

Vulnerability Identifiers

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-0077b802

Vulnerability Identifiers

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-0f5d2d7f

Vulnerability Identifiers

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

Intelligence

Support

Company