Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)

vendor:

Intelight X-1L Traffic controller Maxtime

by:

Andrew Lemon

8.1

CVSS

CRITICAL

Remote Code Execution (RCE)

287

CWE

Product Name: Intelight X-1L Traffic controller Maxtime

Affected Version From: 1.9

Affected Version To: 1.9.2006

Patch Exists: NO

Related CWE: CVE-2024-38944

CPE: a:q-free:intelight_x-1l_traffic_controller_maxtime:1.9.6

Metasploit:

Other Scripts:

Platforms Tested: Linux

2024

Intelight X-1L Traffic controller Maxtime 1.9.6 – Remote Code Execution (RCE)

The Intelight X-1L Traffic controller Maxtime 1.9.6 allows remote attackers to bypass authentication to gain full control of traffic controllers, modify traffic light sequences, trigger denial of service, and cause traffic congestion. This vulnerability exists in the web-based UI of Traffic Controllers running version 1.9.x firmware due to lack of authentication before allowing access to critical functionality.

Mitigation:

Apply the latest security patches provided by the vendor. Ensure that controllers are not directly accessible from the internet. Implement network segmentation and access controls to restrict unauthorized access to the controllers.

Source

Exploit-DB raw data:

# Exploit Title: Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)
# Google Dork: N/A
# Date: 07/09/2024
# Exploit Author: Andrew Lemon/Red Threat https://redthreatsec.com
# Vendor Homepage: https://www.q-free.com
# Software Link: N/A
# Version: 1.9
# Tested on:  (Intelight x-1) Linux 3.14.57 
# CVE : CVE-2024-38944

## Vulnerability Description
This vulnerability allows remote attackers to bypass authentication on affected installations of MaxTime Database Editor. 
Authentication is not required to exploit this vulnerability.

The specific flaw exists within the web-based UI on Traffic Controllers running version 1.9.x firmware. 
The issue results from the lack of authentication prior to allowing access to functionality. 
An attacker can leverage this vulnerability to gain full control of Intelight Traffic Controllers and modify the configuration of a traffic intersection,
modify traffic light sequences, or trigger the intersection to go into 4 way flash causing a denial of service and causing traffic congestion.

## Steps to Reproduce

Navigate to the IP address of an identified controller
When prompted for authentication append /cgi-bin/generateForm.cgi?formID=142 to the end of the IP address
Under the web security tab change the drop down from enabled to disabled and select apply or take note of the username and password and login with those.