Vulnerability Details CVE-2017-18378
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.155
EPSS Ranking 94.4%
CVSS Severity
CVSS v3 Score 8.4
CVSS v2 Score 7.5
References
- https://kb.netgear.com/000049072/Security-Advisory-for-Command-Injection-in-ReadyNAS-Surveillance-Application-PSV-2017-2653
- https://www.exploit-db.com/exploits/42956
- https://kb.netgear.com/000049072/Security-Advisory-for-Command-Injection-in-ReadyNAS-Surveillance-Application-PSV-2017-2653
- https://www.exploit-db.com/exploits/42956
Products affected by CVE-2017-18378
-
cpe:2.3:h:netgear:readynas_surveillance:-
-
cpe:2.3:o:netgear:readynas_surveillance_firmware:*