A vulnerability in the WebGUI module of Netgate pfSense could allow an authenticated, remote attacker to inject and execute arbitrary commands on a targeted system.
The vulnerability exists in the dhcp_relinquish_lease() function, as defined in the status_interfaces.php file of the affected software. The dhcp_relinquish_lease() function of the software could pass user-supplied input from the ifdescr and ipv $_POST parameters to a shell without properly escaping variable data. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. A successful exploit could allow the attacker to execute arbitrary shell commands with root privileges, which could be used to conduct further attacks.
Netgate confirmed the vulnerability and released software updates.