DLink/Cipherium Internet Hotspot (Embedded System) - Code Execution

.:: DESCRIPTION ::.
D-Link, the industry leader in innovative networking solutions, introduces the Airspot family of hot spot gateway products. With the increasing number of telecommuters and road warriors, Wi-Fi enabled hot spots have spread across the country to accommodate the need for on-demand Internet access. The D-Link Airspot Public/Private Hot Spot Gateway provides business owners a simple solution for adding public Internet service to their establishment while still maintaining the integrity of their existing network.

.:: SUMMARY ::.
Affected Version: Bonalinx W-1300, firmware 1.5
Tested Platform: Linux

DLink embedded Internet Hotspot system uses the same firmware as Cipherium Bonalinx Internet Hotspot and a vulnerability exists within these systems that allows an attacker to execute code as "root".

.:: DETAILS ::.
Not available to the public or to the users with basic VIA Agent's subscription.

.:: IMPACT ::.
An attacker can exploit this vulnerability to take complete control of the vulnerable Hotspot systems; and thereby, perform attack against the Internet hotspot users.

.:: AUTHOR ::.
Phuong Nguyen