CVE-2025-50753
📋 TL;DR
This vulnerability allows authenticated attackers to escape the restricted SSH shell on Mitrastar GPT-2741GNAC-N2 devices and gain root shell access. By exploiting a command injection flaw in the 'deviceinfo show file' command, attackers can execute arbitrary commands with full system privileges. This affects all users of these specific router devices.
💻 Affected Systems
- Mitrastar GPT-2741GNAC-N2
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise allowing attackers to install persistent backdoors, intercept all network traffic, pivot to internal networks, and permanently brick the device.
Likely Case
Attackers gain full control of the router to intercept credentials, redirect traffic to malicious sites, or use the device as a foothold for internal network attacks.
If Mitigated
Limited impact if SSH access is disabled or restricted to trusted networks only, though the vulnerability remains present.
🎯 Exploit Status
Exploit requires SSH access (authenticated) but is trivial to execute with a single command injection payload.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None provided in references
Restart Required: No
Instructions:
Check vendor website for firmware updates. If available, download latest firmware and apply through device web interface or management tools.
🔧 Temporary Workarounds
Disable SSH Access
linux: Completely disable SSH service on the router to prevent exploitation
Check web interface for SSH settings and disable
Use CLI: configure terminal -> no service ssh
Restrict SSH Network Access
all: Limit SSH access to specific trusted IP addresses only
Configure firewall rules to restrict SSH port 22 to management IPs
Use access control lists if supported
🧯 If You Can't Patch
- Isolate affected devices in separate network segments with strict firewall rules
- Implement network monitoring for unusual SSH activity or command injection attempts
🔍 How to Verify
Check if Vulnerable:
SSH to device, in restricted shell, run: deviceinfo show file " /bin/sh" (with quotes and space). If you get root shell, device is vulnerable.
Check Version:
Check firmware version in web interface or use: deviceinfo show version
Verify Fix Applied:
Attempt the exploit command after applying fixes - should receive error or remain in restricted shell.
📡 Detection & Monitoring
Log Indicators:
- SSH logins followed by 'deviceinfo show file' commands with unusual arguments
- Shell escape attempts in system logs
- Root shell access from restricted user accounts
Network Indicators:
- Unusual SSH connections to router management interface
- Traffic patterns suggesting router compromise
SIEM Query:
source="router_logs" AND ("deviceinfo show file" OR "bin/sh")
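The SIEM query above matches any line containing either string. A narrower check, given here as an added example (not from the vendor or the original advisory), flags only 'deviceinfo show file' commands whose argument is not a single plain path and attaches the source IP of that user's most recent SSH login. The log layout, the field names and the sample lines are constructed assumptions.

```python
import re

# Constructed sample lines. The syslog layout (sshd "Accepted" lines and
# "cli[pid]: user=<name> cmd=<line>" records) is an assumption for this example.
SAMPLE_LOG = """\
Jan 10 09:00:01 router sshd[411]: Accepted password for admin from 192.0.2.10 port 50122 ssh2
Jan 10 09:00:09 router cli[415]: user=admin cmd=deviceinfo show version
Jan 10 09:00:15 router cli[415]: user=admin cmd=deviceinfo show file /var/log/messages
Jan 10 09:03:40 router sshd[502]: Accepted password for support from 198.51.100.7 port 40022 ssh2
Jan 10 09:03:52 router cli[506]: user=support cmd=deviceinfo show file " /bin/sh"
"""

LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)")
CMD_RE = re.compile(r"cli\[\d+\]: user=(?P<user>\S+) cmd=(?P<cmd>.*)$")
TARGET_RE = re.compile(r"^deviceinfo\s+show\s+file\b(?P<arg>.*)$")
# Allowlist: exactly one plain path token. Quotes, spaces and shell
# metacharacters all fall outside it and are treated as unusual.
PLAIN_PATH_RE = re.compile(r"[A-Za-z0-9_./-]+")


def find_suspicious(log_text):
    """Return alerts for 'deviceinfo show file' calls with non-plain arguments."""
    last_login_ip = {}  # user -> source IP of that user's most recent SSH login
    alerts = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = LOGIN_RE.search(line)
        if m:
            last_login_ip[m["user"]] = m["ip"]
            continue
        m = CMD_RE.search(line)
        if not m:
            continue
        t = TARGET_RE.match(m["cmd"].strip())
        if not t:
            continue  # some other CLI command, not the affected one
        arg = t["arg"].strip()
        if not PLAIN_PATH_RE.fullmatch(arg):
            alerts.append({
                "line": lineno,
                "user": m["user"],
                "src_ip": last_login_ip.get(m["user"], "unknown"),
                "argument": arg,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG):
        print(alert)
```

Adjust the three log regexes to whatever your collector actually records; the allowlist on the argument is the part that carries over.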