CVE-2025-71284
Synway · SMG Gateway Management Software
Synway SMG Gateway Management Software is vulnerable to unauthenticated OS command injection in the RADIUS configuration endpoint, leading to remote code execution.
Executive summary
A critical OS command injection vulnerability in Synway SMG Gateway Management Software allows unauthenticated remote attackers to execute arbitrary system commands.
Vulnerability
The RADIUS configuration endpoint (/en/9-2radius.php) fails to sanitize the radius_address parameter, which is passed directly to a system command. This allows an unauthenticated attacker to inject shell commands.
Business impact
The CVSS score of 9.8 reflects the high risk of this vulnerability. Exploitation provides an attacker with remote code execution, enabling full control over the gateway device and facilitating potential lateral movement into the internal network.
Remediation
Immediate Action: Apply the latest firmware/software security update provided by Synway to address the command injection flaw.
Proactive Monitoring: Audit logs for suspicious POST requests to the RADIUS configuration page and monitor for any unauthorized shell activity.
Compensating Controls: Use a WAF to block requests containing shell injection sequences (e.g., |, ;, &, sed) to the management interface.
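As an added example (not Synway's code, and not the vendor patch), the script below shows the two defensive checks the advisory implies: allowlist validation of radius_address on the server side, so the value can never reach a shell as anything other than an IP literal or hostname, and a log inspector that flags POST requests to /en/9-2radius.php whose radius_address carries shell metacharacters or the sed token the advisory lists. The endpoint path and parameter name come from the advisory; the request-log format and the sample lines are constructed for this example.

```python
"""Defensive checks for the Synway SMG RADIUS configuration endpoint.

Added example, not Synway code. Assumes the management interface receives
radius_address as a URL-encoded form field in a POST to /en/9-2radius.php
(endpoint and parameter names are from the advisory). The log line format
'CLIENT METHOD PATH BODY' is constructed for this example.
"""
import ipaddress
import re
from urllib.parse import parse_qs

RADIUS_ENDPOINT = "/en/9-2radius.php"
PARAM = "radius_address"

# Shell metacharacters: the ones the advisory calls out (| ; &) plus others
# that commonly separate or substitute commands.
SHELL_META = re.compile(r"[;&|`$<>\n\r]")
# 'sed' is listed in the advisory as an indicator token.
SUSPICIOUS_TOKENS = re.compile(r"\bsed\b")

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens,
# no label starting or ending with a hyphen, 253 characters max.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def is_valid_radius_address(value: str) -> bool:
    """Allowlist validation: accept only an IP literal or a hostname.

    This is the shape of a server-side fix: the value is rejected before it
    could be interpolated into any command string, so no metacharacter
    denylist is needed for correctness.
    """
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)  # IPv4 or IPv6 literal
        return True
    except ValueError:
        pass
    return HOSTNAME_RE.match(value) is not None


def inspect_request(method: str, path: str, body: str) -> dict:
    """Classify one request to the management interface.

    Returns {"suspicious": bool, "reason": str}. Only POSTs to the RADIUS
    configuration endpoint are examined; everything else is passed through.
    """
    if method.upper() != "POST" or path.split("?", 1)[0] != RADIUS_ENDPOINT:
        return {"suspicious": False, "reason": "not the RADIUS config endpoint"}
    values = parse_qs(body, keep_blank_values=True).get(PARAM, [])
    for v in values:
        if SHELL_META.search(v) or SUSPICIOUS_TOKENS.search(v):
            return {"suspicious": True, "reason": f"shell metacharacter in {PARAM}"}
        if not is_valid_radius_address(v):
            return {"suspicious": True, "reason": f"{PARAM} is not an IP or hostname"}
    return {"suspicious": False, "reason": "ok"}


def scan_log(lines: list) -> list:
    """Run inspect_request over constructed 'CLIENT METHOD PATH BODY' lines
    and return (client, reason) for each suspicious request."""
    hits = []
    for line in lines:
        parts = line.split(" ", 3)
        if len(parts) < 3:
            continue  # malformed line, skip
        client, method, path = parts[:3]
        body = parts[3] if len(parts) == 4 else ""
        result = inspect_request(method, path, body)
        if result["suspicious"]:
            hits.append((client, result["reason"]))
    return hits


# Constructed sample lines (not real traffic); bodies are URL-encoded forms.
SAMPLE_LOG = [
    "192.0.2.10 POST /en/9-2radius.php radius_address=10.0.0.5&radius_port=1812",
    "192.0.2.10 GET /en/9-2radius.php",
    "198.51.100.7 POST /en/9-2radius.php radius_address=10.0.0.5%3Btrue",
    "198.51.100.7 POST /en/9-2radius.php radius_address=radius.example.net",
    "203.0.113.9 POST /en/9-2radius.php radius_address=10.0.0.5%20extra",
]

if __name__ == "__main__":
    for client, reason in scan_log(SAMPLE_LOG):
        print(f"ALERT {client}: {reason}")
```

The validator deliberately uses an allowlist rather than stripping metacharacters: a RADIUS server address has a narrow legal syntax, so anything outside it is rejected wholesale, which also catches inputs a denylist-based WAF rule would miss. The log inspector is the WAF/SIEM counterpart and is only as good as the request bodies it can see, so it assumes the management interface or a reverse proxy in front of it logs POST form data.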
Exploitation status
Public Exploit Available: Yes
Analyst recommendation
Given the active exploitation status and the severity of remote code execution, this vulnerability must be treated as a priority. Ensure all Synway management interfaces are protected and updated.