Dangerous Command Injection in HARMAN AMX
Affected Vendor: AMX – https://www.amx.com/
Affected Software: MVP5150 Firmware
Affected Version: Tested on V2.87.13
Issue type: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
Release Date: 07/05/2019
Discovered by: Harold Zang, Hivint
CVE Identifier: CVE-2019-11224
Issue status: Published
AMX (www.amx.com) is part of the HARMAN Professional Division, and the leading brand for the business, education, and government markets for the company.
HARMAN AMX MVP5150 v2.87.13 devices are vulnerable to OS Command Injection.
An attacker who can log in to the AMX MVP5150 via the Telnet service can inject and execute malicious OS commands.
Proof of concept
1. Log in to the device via Telnet.
2. Using the following command, perform a command injection:
3. Using the following command, observe that it is possible to bypass the disallowed space character:
The vendor has advised that this product is obsolete and that, at this stage, no product development is expected for it. However, if there is a specific customer request for development, it can be considered based on priority/requirement.
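The space filter bypassed in step 3 is a denylist. As an added example (not the vendor's firmware code and not part of the original advisory), the C code below shows the opposite pattern for a device CLI that hands a user-supplied host argument to an external program: allowlist validation plus execution without a shell. The function names and the idea of a host argument are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist check for a hostname or IPv4 argument (hypothetical helper).
 * Accepts only [A-Za-z0-9.-], 1..253 bytes, not starting with '-' so the
 * value cannot be read as an option. Whitespace and shell metacharacters
 * are rejected by default rather than enumerated in a denylist. */
int is_safe_host_arg(const char *s)
{
    size_t n, i;

    if (s == NULL)
        return 0;
    n = strlen(s);
    if (n == 0 || n > 253 || s[0] == '-')
        return 0;
    for (i = 0; i < n; i++) {
        char c = s[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '-';
        if (!ok)
            return 0;
    }
    return 1;
}

/* Run a fixed program with the validated value as a single argv element.
 * No shell is involved, so the value is never parsed as command text.
 * prog is assumed to be a constant path chosen by the firmware, never
 * user input. Returns the child's exit status, or -1 on rejection/error. */
int run_with_host(const char *prog, const char *host)
{
    pid_t pid;
    int status;

    if (!is_safe_host_arg(host))
        return -1;                 /* rejected before any process starts */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)prog, (char *)host, NULL };
        execv(prog, argv);
        _exit(127);                /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```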
09/03/2019 – Found the issue
09/03/2019 – Tried to notify vendor
03/04/2019 – Vendor notified
07/05/2019 – Published