TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution
Title: TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution
Advisory ID: ZSL-2023-5801
Type: Local/Remote
Impact: System Access, DoS
Risk: (5/5)
Release Date: 25.11.2023
Summary
The Atemio AM 520 HD Full HD satellite receiver enables the reception of digital satellite programs in overwhelming image quality in both SD and HD ranges. In addition to numerous connections, the small all-rounder offers a variety of plugins that can be easily installed thanks to the large flash memory. The TitanNit Linux software used combines the advantages of the existing E2 and Neutrino systems and is therefore fast, stable and adaptable.
Description
The vulnerability in the device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.
Vendor
AAF Digital HD Forum | Atelmo GmbH - http://www.aaf-digital.info | https://www.atemio.de
Affected Version
Firmware <=2.01
Tested On
GNU/Linux 2.6.32.71 (STMicroelectronics)
GNU/Linux 3.14-1.17 (armv7l)
GNU/Linux 3.14.2 (mips)
ATEMIO M46506 revision 990
Atemio 7600 HD STB
CPU STx7105 Mboard
titan web server
Vendor Status
N/A
PoC
titannit_rce.py
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://packetstormsecurity.com/files/175926/TitanNit-Web-Control-2.01-Atemio-7600-Root-Remote-Command-Execution.html
[2] https://www.exploit-db.com/exploits/51853
[3] https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-03
[4] https://www.cve.org/CVERecord?id=CVE-2024-9166
[5] https://nvd.nist.gov/vuln/detail/CVE-2024-9166
[6] https://www.isssource.com/no-fix-for-atemio-satellite-receiver/
[7] https://thenimblenerd.com/article/critical-command-chaos-atemio-am-520-hd-satellite-receiver-vulnerability-exposes-root-access/
[8] https://windowsforum.com/threads/cve-2024-9166-critical-vulnerability-in-atelmo-atemio-am-520-hd-satellite-receiver.342943/
[9] https://secalerts.co/vulnerability/CVE-2024-9166
[10] https://www.incibe.es/incibe-cert/alerta-temprana/avisos-sci/inyeccion-de-comandos-en-atemio-am-520-hd-de-atelmo
Changelog
[25.11.2023] - Initial release
[28.11.2023] - Added reference [1]
[03.03.2024] - Added reference [2]
[27.09.2024] - Added reference [3], [4], [5], [6], [7], [8], [9] and [10]
Contact
Zero Science Lab
Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
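
Detection sketch for the issue in the Description, added here as an example and not part of the advisory or its PoC: it scans web or proxy access logs for requests that carry the 'getcommand' query key. Only that parameter name comes from the advisory; the combined log format, the placeholder paths, the addresses and the function names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines (combined log format, e.g. from a reverse proxy in
# front of the receiver). Paths, addresses and values are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Sep/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [27/Sep/2024:10:01:05 +0000] "GET /PLACEHOLDER?getcommand=REDACTED HTTP/1.1" 200 64
198.51.100.7 - - [27/Sep/2024:10:01:09 +0000] "GET /PLACEHOLDER?a=1&GetCommand HTTP/1.1" 200 64
203.0.113.5 - - [27/Sep/2024:10:02:00 +0000] "GET /PLACEHOLDER?%67etcommand=REDACTED HTTP/1.1" 200 64
192.0.2.10 - - [27/Sep/2024:10:03:00 +0000] "GET /help?topic=getcommands HTTP/1.1" 200 90
"""

# client, timestamp, method, request target, status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def find_getcommand_requests(log_text):
    """Return (client, timestamp, status) for requests with a 'getcommand' query key."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, ts, _method, target, status = m.groups()
        query = urlsplit(target).query
        # parse_qsl percent-decodes names; keep_blank_values keeps a bare key.
        # Matching is case-insensitive as a conservative assumption.
        keys = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
        if "getcommand" in keys:
            hits.append((client, ts, int(status)))
    return hits

def hits_per_client(hits):
    """Count flagged requests per client address for triage."""
    counts = {}
    for client, _ts, _status in hits:
        counts[client] = counts.get(client, 0) + 1
    return counts

if __name__ == "__main__":
    for client, n in sorted(hits_per_client(find_getcommand_requests(SAMPLE_LOG)).items()):
        print(f"{client}: {n} request(s) with 'getcommand' query key")
```

Access logs record only the request line, so parameters sent in a request body are not visible to this check.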