
Saturday, March 12, 2016

[FD] Netgear ReadyNAS Surveillance: Unauthenticated Remote Command Execution

Unauthenticated Remote Command Execution in Netgear ReadyNAS Surveillance
=========================================================================

Product Description
===================

Netgear ReadyNAS Surveillance is an NVR (Network Video Recorder) available for Netgear NAS systems.

Vulnerability Description
=========================

A critical vulnerability has been found in the Netgear ReadyNAS Surveillance configuration backup feature, allowing remote users to execute arbitrary commands as root.

Unauthenticated Config File Download + Remote Root via RCE
==========================================================

Because the ReadyNAS Surveillance cgi_system CGI application doesn't check the user-provided "bfile" POST parameter and does not check whether the user is authenticated, it's possible to execute arbitrary commands as root. It's also possible, without RCE, to download the ReadyNAS Surveillance configuration files.

**Access Vector**: remote
**Security Risk**: high
**Vulnerability**: CWE-88
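The two missing checks named above (authentication, then validation of "bfile"), sketched as an added example that is not Netgear's code and not part of the advisory. The file-name pattern, `BACKUP_DIR`, the `tar` command line and all function names are assumptions made for illustration; the advisory does not say how cgi_system uses the parameter.

```python
import re

# Assumption: backup names look like "backup_20160312.cfg". The real naming
# scheme is not given in the advisory.
SAFE_BFILE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")
BACKUP_DIR = "/var/backups/nvr"  # hypothetical location
TAR = "/bin/tar"                 # hypothetical backup command


class Rejected(Exception):
    """Raised when a request must not reach the backup command."""


def build_backup_argv(session_is_admin, bfile):
    """Return the argv list for the backup job, or raise Rejected.

    Authentication is checked first, then the name is matched against an
    allow-list. The result is meant for subprocess.run(argv, shell=False),
    so no shell ever parses the user-supplied value.
    """
    if not session_is_admin:
        raise Rejected("authentication required")
    # fullmatch: the whole value must fit the pattern. No "/", whitespace,
    # quotes or shell metacharacters, and it cannot start with "-" or ".".
    if not isinstance(bfile, str) or not SAFE_BFILE.fullmatch(bfile):
        raise Rejected("invalid backup file name")
    # "--" ends option parsing, so later arguments are never read as
    # flags (the CWE-88 argument-injection case).
    return [TAR, "-czf", f"{BACKUP_DIR}/{bfile}", "--", "config"]


def is_accepted(session_is_admin, bfile):
    """True when the request would be allowed to run the backup."""
    try:
        build_backup_argv(session_is_admin, bfile)
        return True
    except Rejected:
        return False


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    samples = ["backup_20160312.cfg", "a.cfg; id", "--checkpoint=1",
               "../system.cfg", "backup.cfg\n", ""]
    for name in samples:
        print(repr(name), is_accepted(True, name))
    print("unauthenticated:", is_accepted(False, "backup_20160312.cfg"))
```

The allow-list rejects by default: anything outside the expected name shape fails, rather than trying to strip dangerous characters from the input.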

