Command Injection in Multiple Snap One Araknis Networks Products

Command Injection in Multiple Snap One Araknis Networks Products
Cyber Labs

18 of 20

This insight is part 18 of 20 in this Collection.

June 7, 2022 3 mins

Command Injection in Multiple Snap One Araknis Networks Products

CVE-2021-40144, CVE-2021-40844, CVE-2021-42661: Command Injection vulnerabilities in Snap One Araknis Networks® switches and access points.

Aon’s Cyber Solutions discovered multiple command injection vulnerabilities affecting a number of Snap One Araknis Networks® switches and access points. The list of affected products and firmware versions can be found below. The vulnerabilities were discovered by Aon’s Cyber Solutions team member Howard McGreehan. 

Aon would like to thank Snap One for working with us as part of our coordinated disclosure process. 

Timeline:
  • 03/21/21 – Initial disclosure to [email protected]
  • 06/01/21 – Issues confirmed by Snap One, firmware upgrade release dates set
  • 10/05/21 – Patches released
  • 06/07/22 – Aon advisory released 
Vulnerability Listing / Credits:
  • CVE-2021-40144 – Command Injection in datajson.cgi 
  • CVE-2021-40844 – Command Injection in OpenWRT LuCI 
  • CVE-2021-42661 – Command Injection in OpenWRT LuCI 
Affected Products: 

According to the vendor, the following products and firmware versions are affected: 

Product Firmware Version CVE ID
Araknis Networks AN-210 Network Switches < 1.3.10 CVE-2021-40144
Araknis Networks AN-810 Access Points < 2.1.02 CVE-2021-40844
Araknis Networks AN-700-O Access Points < 2.1.02 CVE-2021-42661

Command Injection in Multiple Snap One Araknis Networks Products

Overview

Multiple Snap One Araknis Networks products are vulnerable to authenticated command injection attacks within their administrative panels. This vulnerability can be triggered by sending specially crafted HTTP requests to affected models’ onboard, web-based networking tools. Exploiting these vulnerabilities allows the attacker to fully takeover the devices as the root user and may be leveraged via Cross-Site Request Forgery (CSRF).  

Remediation

Firmware updates may be obtained through Snap One Partners or from the Snap One Product Support section.  

Vendor Thanks:

https://www.control4.com/company/privacy-and-security/thank-you-white-hats 

Aon’s Thought Leader
  • Howard McGreehan
    Manager, Security Testing, Cyber Solutions

About Cyber Solutions:

Aon’s Cyber Solutions offers holistic cyber risk management, unsurpassed investigative skills, and proprietary technologies to help clients uncover and quantify cyber risks, protect critical assets, and recover from cyber incidents.

General Disclaimer

This material has been prepared for informational purposes only and should not be relied on for any other purpose. You should consult with your own professional advisors or IT specialists before implementing any recommendation or following the guidance provided herein. Further, the information provided and the statements expressed are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources that we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.

Terms of Use

The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.