Description
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
References
- Vendor Advisory
- Exploit, Third Party Advisory, VDB Entry
- Vendor Advisory
- Exploit, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: version before 1.1.4-7 (excluding); version before 1.4.3-17 (excluding)
All of
One of
cpe:2.3:o:netgear:readynas_surveillance_firmware:*:*:*:*:*:*:arm:*
cpe:2.3:o:netgear:readynas_surveillance_firmware:*:*:*:*:*:*:x86:*
cpe:2.3:h:netgear:readynas_surveillance:-:*:*:*:*:*:*:*
EPSS
Percentile: 94%
0.1554
Medium
8.4 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-77
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.