type:Remote Command Injection
author:Yifeng Li, Wolin Zhuang;
## Vulnerability description
We found an Command Injection vulnerability in IP-COM Technology IP-COM’s M50 routers with firmware which was released recently, allows remote attackers to execute arbitrary OS commands from a crafted GET request.
## Remote Command Injection vulnerability
In formSetUSBPartitionUmount function, the parameter "usbPartitionName" is insufficiently filter the string delivered by the user, so we can control the usbPartitionName such as “-h%0aping%20x.x.x.x%20-w%2-5%0a ” to attack the OS.
### Remote Command Injection
We set the value of "usbPartitionName" as aaa\nping x.x.x.x and the router will excute ping command.