A high-severity vulnerability has been identified in multiple Mitrastar products, including the GPT-2741GNAC-N2 model. The flaw allows an attacker to bypass a restricted command shell via SSH access, potentially leading to a full takeover of the affected network device. Successful exploitation could enable an attacker to intercept network traffic, access internal networks, or disrupt services.

The affected Mitrastar devices provide SSH access that defaults to a restricted shell, which is intended to limit administrative capabilities. However, a vulnerability exists within this restricted environment that allows for a "shell escape." An attacker with SSH access, potentially using default or weak credentials, can execute a specific sequence of commands to break out of the restricted shell and gain privileged (root-level) access to the underlying operating system of the device.

This vulnerability is rated as High severity with a CVSS score of 8.4. A successful exploit would grant an attacker complete control over the compromised network device. This could lead to severe consequences, including man-in-the-middle attacks to eavesdrop on network traffic, unauthorized access to sensitive internal network segments, deployment of malware, or using the device as a pivot point for further attacks. The potential for data breaches, operational disruption, and reputational damage is significant.

Immediate Action: The primary remediation is to apply the security updates provided by Mitrastar to all affected devices immediately. Patching this vulnerability is the most effective way to mitigate the risk.

Proactive Monitoring: Security teams should actively monitor for signs of compromise. This includes reviewing SSH access logs for unauthorized or suspicious login attempts, especially from external IP addresses. Monitor network traffic for unusual outbound connections from the Mitrastar devices, which could indicate a successful compromise and communication with a command-and-control server.

Compensating Controls: If patching cannot be performed immediately, implement the following controls to reduce the attack surface:

• Use a firewall or Access Control Lists (ACLs) to restrict SSH access to the devices from only trusted IP addresses or dedicated management networks.
• If SSH access is not essential for business operations, disable the service entirely on the devices.
• Ensure all default credentials have been changed to strong, unique passwords.

Public Exploit Available: false

Given the high severity (CVSS 8.4) of this vulnerability and the risk of complete device compromise, we strongly recommend that organizations prioritize the immediate application of vendor-supplied patches. Although this CVE is not currently listed on the CISA KEV catalog, its high impact makes it a prime candidate for future inclusion. Until patches are fully deployed, organizations must implement the suggested compensating controls, such as restricting SSH access, to mitigate immediate risk.