CVE-2022-29013
Published 2022-06-09
Priority: P191 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 77.14% (99.5th percentile)
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| razer | sila_firmware | — | — |
Detection & IOCs (extracted from sources)
command: {"jsonrpc":"2.0","id":3,"method":"call","params":["30ebdc7dd1f519beb4b2175e9dd8463e","file","exec",{"command":"id"}]}
other: 30ebdc7dd1f519beb4b2175e9dd8463e
yara regex: 'uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)'
- Detect exploit attempts by monitoring for POST requests to /ubus/ containing a JSON-RPC 'call' method with 'file'+'exec' params and a 'command' key, which is characteristic of CVE-2022-29013 command injection.
- Successful exploitation returns an HTTP 200 response with Content-Type 'application/json' and a body matching 'uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)', indicating arbitrary command execution as root.
- Exploit requests include the custom header 'X-Requested-With: XMLHttpRequest' alongside Origin and Referer headers pointing to the router's root URL; use these as additional correlation signals.
- The ubus session token '30ebdc7dd1f519beb4b2175e9dd8463e' appears hardcoded in the exploit payload; its presence in a POST body to /ubus/ is a high-fidelity indicator of this specific exploit.
- The vulnerability is unauthenticated (PR:N) and network-accessible (AV:N), meaning no credentials or prior access are required to exploit the /ubus/ endpoint.
- The affected version is specifically Razer Sila Gaming Router v2.0.441_api-2.0.418; detections should be scoped to this firmware version where possible.
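CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |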
GHSA
GHSA-4j2q-h92c-pm9c: A command injection in the command parameter of Razer Sila Gaming Router v2
ghsa_unreviewed·2022-06-10
CVE-2022-29013 [CRITICAL] CWE-77 GHSA-4j2q-h92c-pm9c: A command injection in the command parameter of Razer Sila Gaming Router v2
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.
VulnCheck
razer sila_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck·2022·CVSS 9.8
CVE-2022-29013 [CRITICAL] razer sila_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.
Affected: razer sila_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://cujo.com/blog/the-2022-2023-iot-botnet-report-vulnerabilities-targeted/; https://cujo.com/the-2022-2023-iot-botnet-report-vulnerabilities-targeted/; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-09-18&host_type=src&vulnerability=cve-2022-29013; https://dashboa
No detection rules found.
Nuclei
Razer Sila Gaming Router - Remote Code Execution
nuclei·CVSS 9.8
CVE-2022-29013 [CRITICAL] Razer Sila Gaming Router - Remote Code Execution
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.
Template:
id: CVE-2022-29013
info:
  name: Razer Sila Gaming Router - Remote Code Execution
  author: DhiyaneshDK
  severity: critical
  description: |
    A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.
  impact: |
    Unauthenticated attackers can execute arbitrary system commands on the Razer Sila gaming router through command injection in the ubus endpoint, potentially compromising the entire home network and intercepting all network traffic.
  remediation: |
    Upgrade t
- https://packetstormsecurity.com/files/166684/Razer-Sila-2.0.418-Command-Injection.html
- https://www.exploit-db.com/exploits/50865
- https://www2.razer.com/ap-en/desktops-and-networking/razer-sila