| عنوان | Novastar CX40 / NetFilter Utility <=2.44.0 firmwares Command Injection |
|---|
| الوصف | Novastar uses various propitiatory utilities to perform actions on their devices, one of them is ``/usr/nova/bin/netconfig``, which as the name suggests, handles the device's network configuration.
There are at least a dozen ``system()`` and or ``popen()`` calls with user input that are used to configure the device's network which lack sanitization, one could potentially inject shell escaping characters like backticks or a subshell (\`, $()) and execute arbitrary commands.
```c
sprintf(cmd, "/sbin/ip addr del %s/%d dev %s", nettask, v10, if_name); // user input formatting into the command buffer
puts(cmd); // redundant puts call, probably for debugging purposes
system(cmd); // command execution right off the bat
``` |
|---|
| المستخدم | ninpwn (UID 82253) |
|---|
| ارسال | 21/03/2025 09:03 PM (1 سنة منذ) |
|---|
| الاعتدال | 30/03/2025 10:33 PM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 302058 [Novastar CX40 حتى 2.44.0 NetFilter Utility /usr/nova/bin/netconfig system/popen تجاوز الصلاحيات] |
|---|
| النقاط | 17 |
|---|