Summary
Multiple vulnerabilities in all REX 100 devices with firmware <= 2.3.2 that allow an attacker to gain full control over the device.
Impact
Full control over the device is possible in various ways. For details see CVE description.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| Firmware <2.3.3 | REX 100 |
Vulnerabilities
Expand / Collapse allA high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.
A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.
A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.
A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement.
An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service.
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession.
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession.
A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content.
Remediation
Update to latest version: 2.3.3
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 21.07.2025 12:00 | Initial revision. |