
OpenRepeater 2.1 - OS Command Injection

Severity: Medium
Tags: exploit, web
Published: Wed Dec 03 2025 (12/03/2025, 00:00:00 UTC)
Source: Exploit-DB RSS Feed

AI-Powered Analysis

Last updated: 12/03/2025, 09:32:49 UTC

Technical Analysis

OpenRepeater 2.1 contains a critical security flaw, classified as an OS command injection vulnerability, in the ajax_system.php endpoint. The user-supplied 'post_service' POST parameter is not properly sanitized and is passed directly to system-level commands. An attacker can send a specially crafted POST request containing shell metacharacters to execute arbitrary commands on the underlying operating system. The proof-of-concept exploit sends a payload such as 'post_service=;id' to execute the 'id' command, revealing user identity information on the server. The vulnerability gives remote unauthenticated attackers command execution, potentially leading to full system compromise, data theft, or service disruption.

The issue affects OpenRepeater versions prior to 2.2. No official patch links are provided in the data, but the vendor's GitHub repository indicates the fix was introduced in version 2.2. The exploit code is simple and uses standard curl commands, making exploitation straightforward for attackers with network access to the vulnerable endpoint.

The vulnerability is tagged as medium severity, but given the nature of OS command injection the impact can be significant. No active exploitation has been reported yet, but the public availability of exploit code increases the risk of opportunistic attacks. OpenRepeater is open-source repeater controller software used in radio communications, which may be deployed in various organizational environments including emergency services, amateur radio, and private communication networks.

Potential Impact

For European organizations, this vulnerability poses a significant risk especially to entities relying on OpenRepeater 2.1 for critical communication infrastructure such as emergency services, public safety, and amateur radio networks. Successful exploitation can lead to unauthorized remote code execution, allowing attackers to manipulate system processes, exfiltrate sensitive data, disrupt communications, or pivot to other internal systems. This could result in operational downtime, loss of data integrity, and exposure of confidential information. The ease of exploitation without authentication increases the threat level. Given the strategic importance of communication infrastructure in Europe, exploitation could have cascading effects on public safety and emergency response capabilities. Additionally, organizations with less mature patch management or those unaware of the vulnerability may remain exposed for extended periods. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for future attacks, especially with publicly available exploit code.

Mitigation Recommendations

The primary mitigation is to upgrade OpenRepeater installations to version 2.2 or later, where this vulnerability has been addressed. If upgrading is not immediately feasible, organizations should implement strict network access controls to restrict access to the vulnerable ajax_system.php endpoint, limiting it to trusted internal networks only. Deploy web application firewalls (WAFs) with custom rules to detect and block suspicious payloads containing shell metacharacters or command injection patterns targeting the 'post_service' parameter. Conduct thorough input validation and sanitization on all user inputs in custom deployments or forks of OpenRepeater. Monitor logs for unusual POST requests to the vulnerable endpoint and signs of command execution. Employ intrusion detection systems (IDS) to alert on exploitation attempts. Regularly audit and update all software components and maintain an incident response plan for potential breaches. Finally, educate system administrators and users about the risks and signs of exploitation.
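The WAF and log-monitoring advice above amounts to an allow-list check on 'post_service' for requests to ajax_system.php. The following is an added example, not code from OpenRepeater or the Exploit-DB entry; the service-name pattern, the function names and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/functions/ajax_system.php"   # path taken from the PoC's TARGET_URL
PARAM = "post_service"
# Assumption: legitimate values look like short service names; tune per deployment.
ALLOWED = re.compile(r"[A-Za-z0-9_.@-]{1,64}")


def inspect(method, url, body):
    """Return a reason string if the request should be blocked or alerted on, else None."""
    if method.upper() != "POST" or urlsplit(url).path != ENDPOINT:
        return None
    # parse_qs percent-decodes values, so %3B and %0A are checked as ';' and newline.
    values = parse_qs(body, keep_blank_values=True).get(PARAM, [])
    if len(values) > 1:
        return "repeated post_service parameter"
    for value in values:
        # fullmatch rejects anything outside the allow-list, including empty values.
        if not ALLOWED.fullmatch(value):
            return f"post_service outside allow-list: {value!r}"
    return None


# Constructed sample requests (method, URL, form body); not real traffic.
SAMPLES = [
    ("POST", "/functions/ajax_system.php", "post_service=svxlink"),
    ("POST", "/functions/ajax_system.php", "post_service=;id"),
    ("POST", "/functions/ajax_system.php", "post_service=svxlink%3Bid"),
    ("POST", "/functions/ajax_system.php", "post_service=svxlink%0Aid"),
    ("POST", "/functions/ajax_system.php", "post_service=a&post_service=b"),
    ("GET", "/functions/ajax_system.php", ""),
    ("POST", "/index.php", "post_service=;id"),
]


def flagged(samples=SAMPLES):
    """Return (index, reason) for every sample that fails the check."""
    return [(i, reason) for i, s in enumerate(samples) if (reason := inspect(*s))]


if __name__ == "__main__":
    for index, reason in flagged():
        print(index, reason)
```

Matching against an allow-list after decoding catches encoded separators that a blocklist of literal metacharacters would miss.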


Technical Details

EDB ID: 52452
Has exploit code: true
Code language: text

Exploit Source Code

# Exploit Title: OpenRepeater  2.1 - OS Command Injection 
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/OpenRepeater/openrepeater
# Software Link: https://github.com/OpenRepeater/openrepeater
# Version: 2.1 
# Tested on: Ubuntu
# CVE : CVE-2019-25024


Proof Of Concept
# PoC for OS Command Injection in OpenRepeater before version 2.2

# The target URL for the vulnerable endpoint
TARGET_URL="http://openrepeater/functions/ajax_system.php"

# The payload to 
... (295 more characters)
Code Length: 795 characters

Threat ID: 6930038e7fb5593475c25cf7

Added to database: 12/3/2025, 9:31:58 AM

Last enriched: 12/3/2025, 9:32:49 AM

Last updated: 12/5/2025, 6:06:56 AM
