Critical (10.0)

Software Command Injection Flaw (CVE-2021-35402) - Patch Now

CVE-2021-35402

PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status)....

Overview

A critical security vulnerability has been identified in certain versions of the PROLiNK PRC2402M satellite router. This flaw allows a remote attacker to execute arbitrary operating system commands on the affected device, granting them full control.

Vulnerability Details

The vulnerability exists in the live_api.cgi component of the router’s web interface, specifically on the satellite_list page. The router fails to properly validate and sanitize user input in the ip parameter used for the satellite_status function. By injecting shell metacharacters (special characters used to chain commands) into this parameter, an attacker can trick the device into running malicious commands with the highest level of system privileges.

In simple terms, a field meant only for an IP address can be abused to run any command the attacker chooses.
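For defenders triaging HTTP logs from a proxy or sensor in front of the router, the check below flags live_api.cgi requests whose ip value is not a plain IP address. It is an added example, not vendor or advisory code. The log format, the URL layout and the sample entries are constructed assumptions, and parameters sent in a request body would not appear in such a log.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample entries, not taken from a real device or incident.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2021:10:00:01 +0000] '
    '"GET /live_api.cgi?page=satellite_list&ip=192.168.1.20 HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jul/2021:10:00:05 +0000] '
    '"GET /live_api.cgi?page=satellite_list&ip=192.168.1.20%3Becho%20test HTTP/1.1" 200 0',
    '192.0.2.77 - - [01/Jul/2021:10:00:09 +0000] '
    '"GET /index.html?ip=not-an-ip HTTP/1.1" 200 1024',
]

def is_ip_literal(value):
    """Allow-list check: True only for a plain IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def suspicious_ip_params(line):
    """Return decoded ip values in a live_api.cgi request that are not IP literals."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group("target"))
    if url.path.rsplit("/", 1)[-1] != "live_api.cgi":
        return []
    # separator="&" keeps a raw ';' inside the value instead of splitting on it.
    params = parse_qs(url.query, separator="&")
    return [v for v in params.get("ip", []) if not is_ip_literal(v)]

def scan(lines):
    """Return (line_number, bad_values) for every entry worth triaging."""
    found = ((n, suspicious_ip_params(l)) for n, l in enumerate(lines, 1))
    return [(n, bad) for n, bad in found if bad]

if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: non-IP value in ip parameter: {bad!r}")
```

Matching on "is this a valid IP address" rather than on a list of metacharacters means encoded or unusual separators are still flagged.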

Impact and Risk Assessment

This vulnerability is rated CRITICAL with a maximum CVSS score of 10.0. The potential impacts are severe:

  • Complete System Compromise: An unauthenticated, remote attacker can gain full administrative control of the router.
  • Network Breach: The compromised router can be used to launch further attacks on the internal network, intercept or modify traffic, and steal sensitive data.
  • Persistence and Disruption: Attackers can install backdoors, change configurations, or render the router inoperable (denial of service).

Any PROLiNK PRC2402M device with firmware dated before 2021-06-13 is confirmed to be vulnerable.

Remediation and Mitigation

Immediate action is required to secure affected devices.

Primary Remediation: The vendor has released a firmware update to address this vulnerability. All users must:

  1. Upgrade the router firmware to a version dated 2021-06-13 or later.
  2. Obtain the firmware directly from the official PROLiNK support channels.

Important Mitigation Steps: If an immediate update is not possible, implement these network-level controls:

  • Restrict Access: Ensure the router’s management interface is not exposed to the public internet. Use a firewall to block WAN-side access to the web administration ports (typically TCP 80 and 443).
  • Network Segmentation: Place the router on a dedicated management VLAN, isolated from sensitive internal networks, to limit potential lateral movement in case of compromise.

After applying the firmware update, it is recommended to reboot the device and change all administrative passwords as a precautionary measure.
