API Security Blog

Realtek rtl819x Jungle SDK boa formWsc OS command injection vulnerabilities

Talos Vulnerability Report TALOS-2023-1899

July 8, 2024

CVE Number
CVE-2023-50381, CVE-2023-50383, CVE-2023-50382

SUMMARY
Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.

CONFIRMED VULNERABLE VERSIONS
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.
LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623
Realtek rtl819x Jungle SDK v3.4.11

PRODUCT URLS
rtl819x Jungle SDK – https://www.realtek.com/en/
WBR-6013 – https://www.level1.com/level1_en/wbr-6013-n300-wireless-router-54069103

CVSSv3 SCORE
7.2 – CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE
CWE-78 – Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

DETAILS
The rtl819x Jungle SDK is an SDK for routers; it uses boa as its web server. These Realtek rtl819x Jungle SDK vulnerabilities were found while researching the LevelOne WBR-6013 router, so we explain them from the perspective of that router. The WBR-6013 router runs a web server called boa; the version used in the device is the one shipped with the Realtek SDK. One of the SDK's APIs is /boafrm/formWsc. This API allows…
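The advisory names the affected endpoint (/boafrm/formWsc) and the weakness class (CWE-78) but not the injected parameters, so a defender's first check is whether any request to that handler carried shell metacharacters. The script below is an added example, not part of the Talos report or the Realtek SDK: it parses constructed boa-style access-log lines (the form field name wsc_pin and the values are invented for illustration; request bodies are assumed to have been logged as query strings, which most access logs do not do by default) and reports the source, timestamp and offending field for each hit.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines in common log format; not taken from the advisory.
SAMPLE_LOGS = [
    '192.168.1.10 - - [08/Jul/2024:10:00:01 +0000] "POST /boafrm/formWsc?wsc_pin=12345670&save=Apply HTTP/1.1" 200 512',
    '192.168.1.10 - - [08/Jul/2024:10:00:05 +0000] "POST /boafrm/formWsc?wsc_pin=1234;id&save=Apply HTTP/1.1" 200 512',
    '192.168.1.11 - - [08/Jul/2024:10:00:09 +0000] "GET /wlwps.htm HTTP/1.1" 200 2048',
]

# Endpoint named in the advisory; the field names are unknown, so every field is inspected.
VULN_PATH = "/boafrm/formWsc"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# Characters a POSIX shell treats specially when a value is pasted into a command line.
SHELL_META = re.compile(r'[;&|`$()<>\n\r]')


def parse_form(query):
    """Split a URL-encoded form body/query string into a name -> value dict (manual split, '&' only)."""
    fields = {}
    for pair in query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            fields[unquote_plus(name)] = unquote_plus(value)
    return fields


def suspicious_fields(target):
    """Return {field: value} for fields of a formWsc request whose value contains shell metacharacters."""
    path, _, query = target.partition("?")
    if path != VULN_PATH:
        return {}
    return {k: v for k, v in parse_form(query).items() if SHELL_META.search(v)}


def scan_logs(lines):
    """Return (src, timestamp, field, value) tuples for every suspicious formWsc request in the log."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for field, value in suspicious_fields(m.group("target")).items():
            hits.append((m.group("src"), m.group("ts"), field, value))
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print("suspicious formWsc request: src=%s ts=%s field=%s value=%r" % hit)
```

Because the CVSS vector carries PR:H, a hit from a source that also holds a valid admin session is the case worth escalating; correlate with the device's login log where one exists.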
