Claroty, an industrial and Internet of Things cybersecurity company, has discovered a general technique for getting around the web application firewalls (WAFs) of several major vendors.
Claroty’s researchers discovered the technique following a review of the wireless device management platform from Cambium Networks. They found a SQL injection flaw that could allow unauthorized access to private data such as session cookies, tokens, SSH keys, and password hashes. The vulnerability could be exploited against the on-premises version, but the Amazon Web Services (AWS) WAF blocked any attempts to do so against the cloud version by flagging the SQL injection payload as malicious.
Further investigation revealed that the JSON data sharing format could be abused to get around the WAF.