IoT devices face continuous malicious attacks because of their widespread use. Web vulnerabilities in these devices are widely exploited because of their inherent characteristics, such as improper permission controls and insecure interfaces. Web interface frameworks for embedded systems have recently become highly diverse, and specific vulnerabilities can arise if developers forget to check user input parameters or if the checks are not strict enough. Discovering vulnerabilities in the web interfaces of IoT devices accurately and comprehensively through an automated method is therefore a major challenge, and this paper aims to address it. We have developed an automated vulnerability detection system called LuaTaint for the typical web interface framework, LuCI. The system employs static taint analysis to address web security issues on mobile terminal platforms to ensure detection coverage. It integrates rules pertaining to page handler control logic within the taint detection process to improve its extensibility. We also implemented a post-processing step with the assistance of large language models to enhance accuracy and reduce the need for manual analysis. We have created a prototype of LuaTaint and tested it on 92 IoT firmware images from 8 well-known vendors. LuaTaint has discovered 68 unknown vulnerabilities.