
TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution

Critical
Advisory ID
ZSL-2023-5801
Release Date
25 November 2023
Vendor
AAF Digital HD Forum, Atelmo GmbH - http://www.aaf-digital.info, https://www.atemio.de
Affected Version
Firmware <=2.01
Tested On
GNU/Linux 2.6.32.71 (STMicroelectronics), GNU/Linux 3.14-1.17 (armv7l), GNU/Linux 3.14.2 (mips), ATEMIO M46506 revision 990, Atemio 7600 HD STB, CPU STx7105 Mboard, titan web server
Summary

The Atemio AM 520 HD Full HD satellite receiver enables the reception of digital satellite programs in overwhelming image quality in both SD and HD ranges. In addition to numerous connections, the small all-rounder offers a variety of plugins that can be easily installed thanks to the large flash memory. The TitanNit Linux software used combines the advantages of the existing E2 and Neutrino systems and is therefore fast, stable and adaptable.

Description

The device allows an unauthorized attacker to execute system commands with elevated privileges. The issue is reachable through the 'getcommand' query in the application and gives the attacker root access.
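
For detection, requests carrying the 'getcommand' query can be picked out of web or proxy logs. The following Python code is an added example, not part of the original advisory or of the vendor's software; it assumes Common Log Format lines from a proxy or sensor in front of the device, and the sample log lines, the /PLACEHOLDER path and the admin host allowlist are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed log format: Common Log Format as written by a proxy or sensor.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
QUERY_NAME = "getcommand"  # the query named in the advisory

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded names are still recognised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_getcommand(target):
    """True if the request target has a 'getcommand' query parameter name (any case)."""
    query = urlsplit(target).query
    for part in re.split(r"[&;]", query):
        name = fully_decode(part.split("=", 1)[0]).strip().lower()
        if name == QUERY_NAME:
            return True
    return False

def find_hits(lines, admin_hosts=frozenset()):
    """Return (level, source, timestamp, status) for each matching request.
    admin_hosts is a hypothetical allowlist of management stations."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not has_getcommand(m["target"]):
            continue
        level = "review" if m["src"] in admin_hosts else "alert"
        hits.append((level, m["src"], m["ts"], int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder path and values).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Nov/2023:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Nov/2023:10:00:05 +0000] "GET /PLACEHOLDER?getcommand=EXAMPLE HTTP/1.1" 200 64',
    '203.0.113.7 - - [25/Nov/2023:10:00:09 +0000] "GET /PLACEHOLDER?a=1&%67etCommand=EXAMPLE HTTP/1.1" 200 64',
    '192.0.2.10 - - [25/Nov/2023:10:01:00 +0000] "GET /PLACEHOLDER?getcommand HTTP/1.1" 200 64',
    '198.51.100.4 - - [25/Nov/2023:10:02:00 +0000] "GET /help?topic=getcommand HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG, {"192.0.2.10"}):
        print(hit)
```

Matching on the parameter name rather than a raw substring keeps the last sample line, where 'getcommand' is only a value, out of the results.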

Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
25.11.2023 - Initial release
28.11.2023 - Added reference [1]
03.03.2024 - Added reference [2]
27.09.2024 - Added reference [3], [4], [5], [6], [7], [8], [9] and [10]