| Title | Novastar CX40 / NetFilter Utility <=2.44.0 firmwares Command Injection |
|---|
| Description | Novastar uses various proprietary utilities to perform actions on their devices; one of them is ``/usr/nova/bin/netconfig``, which, as the name suggests, handles the device's network configuration.
There are at least a dozen ``system()`` and/or ``popen()`` calls with user input that are used to configure the device's network which lack sanitization; one could potentially inject shell escaping characters like backticks or a subshell (\`, $()) and execute arbitrary commands.
```c
sprintf(cmd, "/sbin/ip addr del %s/%d dev %s", nettask, v10, if_name); // user input formatting into the command buffer
puts(cmd); // redundant puts call, probably for debugging purposes
system(cmd); // command execution right off the bat
``` |
|---|
| User | ninpwn (UID 82253) |
|---|
| Submission | 2025-03-21 21:03 (1 year ago) |
|---|
| Moderation | 2025-03-30 22:33 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 302058 [Novastar CX40 up to 2.44.0 NetFilter Utility /usr/nova/bin/netconfig system/popen privilege escalation] |
|---|
| Points | 17 |
|---|
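
A shell-free way to issue the same `ip addr del` command shown in the description, as an added example (not Novastar's code and not part of the submission). The function names are hypothetical, and it assumes IPv4 addresses and interface names limited to letters, digits, `.`, `_` and `-`.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

extern char **environ;

/* Interface names: 1..15 chars (IFNAMSIZ is 16 with the NUL), allow-listed set. */
static int valid_ifname(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 15) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && !strchr("._-", s[i])) return 0;
    return 1;
}

/* Write "a.b.c.d/prefix" only if addr parses strictly as IPv4 and prefix is 0..32.
 * The address is re-serialised from its binary form, so no input byte is copied. */
static int build_cidr(char *out, size_t len, const char *addr, int prefix) {
    struct in_addr a;
    char canon[INET_ADDRSTRLEN];
    if (inet_pton(AF_INET, addr, &a) != 1 || prefix < 0 || prefix > 32) return -1;
    if (!inet_ntop(AF_INET, &a, canon, sizeof canon)) return -1;
    int n = snprintf(out, len, "%s/%d", canon, prefix);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* Returns -1 if input is rejected, -2 on spawn/wait failure, else ip's exit code. */
int ip_addr_del(const char *addr, int prefix, const char *if_name) {
    char cidr[INET_ADDRSTRLEN + 4];
    if (build_cidr(cidr, sizeof cidr, addr, prefix) != 0 || !valid_ifname(if_name))
        return -1; /* rejected before any process is created */
    /* Arguments are passed as an argv vector: no shell ever parses them. */
    char *argv[] = {"/sbin/ip", "addr", "del", cidr, "dev", (char *)if_name, NULL};
    pid_t pid;
    int status;
    if (posix_spawn(&pid, "/sbin/ip", NULL, NULL, argv, environ) != 0) return -2;
    if (waitpid(pid, &status, 0) < 0) return -2;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -2;
}
```

The same pattern applies to each of the `system()` and `popen()` call sites the description mentions: validate every field against what it is supposed to be, then execute the binary directly with an argument vector.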