CVE-2023-26802 Scanner

DCBI-Netlog-LAB is a network management firmware solution developed by Digital China Networks (DCN) that includes administrative capabilities such as DHCP, routing, and NAT configuration. It is often deployed in enterprise network environments to manage traffic flow and device configurations.

This scanner identifies a critical remote command injection vulnerability (CVE-2023-26802) in DCBI-Netlog-LAB v1.0. The flaw exists in the CGI endpoint `/cgi-bin/network_config/nsg_masq.cgi`, where improper sanitization of user-supplied input enables attackers to inject system-level commands. Notably, this vulnerability can be exploited **without authentication**, which significantly increases its exploitability and impact.

The attack is carried out by sending a GET request to the vulnerable endpoint with maliciously crafted query parameters. Specifically, the `proto` parameter can be injected with shell commands, such as `;ls>filename`, allowing execution on the target system. A follow-up request to retrieve the generated file allows attackers to confirm successful execution. Since the server outputs the result of the injected command, the vulnerability can be reliably verified.

The successful exploitation of this issue allows attackers to gain unauthorized access to system-level operations. This can result in data exfiltration, backdoor installation, lateral movement within the network, and full system compromise. Given the unauthenticated nature of the exploit and its triviality, immediate remediation is essential.

REFERENCES

• https://web.archive.org/web/20230605051153/https://github.com/winmt/my-vuls/tree/main/DCN%20DCBI-Netlog-LAB