1 | 1 | | ### Analyzing and Reproducing the Command Injection Vulnerability (CVE-2023-0861) in NetModule Routers |
2 | 2 | | |
| 3 | + | NetModule is an Original Equipment Manufacturer (OEM) of industrial grade routers that are commonly used in critical |
| 4 | + | infrastructure and industrial control systems. On February 24th, 2023, ONEKEY, a security research firm, released a security |
| 5 | + | advisory disclosing a vulnerability that affect 9 NetModule routers. The vulnerability were identified within the web |
| 6 | + | management interface and allow authenticated users to execute arbitrary commands with elevated privileges. |
| 7 | + | As an individual interested in IoT security and firmware analysis, I find it valuable to review the entire reproduction process of |
| 8 | + | reported vulnerabilities and In the pursuit of expanding my knowledge and skills, I took it upon myself to reproduce the |
| 9 | + | disclosed vulnerability. |
3 | 10 | | |