ID
VAR-201211-0603
TITLE
NETGEAR NTV300 NeoTV Wireless SSID System Call Injects Any Command Execution Vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2012-6232
DESCRIPTION
NETGEAR NTV300 (NeoTV) is a set-top box device. NETGEAR NTV300 (NeoTV) has defects. The system() and popen() system calls use the device SSID and encryption key as part of the function call. Because these values are user controllable, the attacker is allowed to inject and execute arbitrary commands through the TV remote control. If the SSID is set to 'reboot', the device can be restarted.
Trust: 0.6
sources:
CNVD: CNVD-2012-6232
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2012-6232
AFFECTED PRODUCTS
| vendor: | netgear | model: | ntv300 | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2012-6232
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2012-6232 | Trust: 0.6 |
sources:
CNVD: CNVD-2012-6232
REFERENCES
| url: | http://www.devttys0.com/2012/10/jailbreaking-the-neotv/ | Trust: 0.6 |
sources:
CNVD: CNVD-2012-6232
SOURCES
| db: | CNVD | id: | CNVD-2012-6232 |
LAST UPDATE DATE
2022-05-04T09:19:01.223000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2012-6232 | date: | 2012-11-05T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2012-6232 | date: | 2012-11-05T00:00:00 |