| Titolo | Novastar CX40 / NetFilter Utility <=2.44.0 firmwares Command Injection |
|---|
| Descrizione | Novastar uses various propitiatory utilities to perform actions on their devices, one of them is ``/usr/nova/bin/netconfig``, which as the name suggests, handles the device's network configuration.
There are at least a dozen ``system()`` and or ``popen()`` calls with user input that are used to configure the device's network which lack sanitization, one could potentially inject shell escaping characters like backticks or a subshell (\`, $()) and execute arbitrary commands.
```c
sprintf(cmd, "/sbin/ip addr del %s/%d dev %s", nettask, v10, if_name); // user input formatting into the command buffer
puts(cmd); // redundant puts call, probably for debugging purposes
system(cmd); // command execution right off the bat
``` |
|---|
| Utente | ninpwn (UID 82253) |
|---|
| Sottomissione | 21/03/2025 21:03 (1 Anno fa) |
|---|
| Moderazione | 30/03/2025 22:33 (9 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 302058 [Novastar CX40 fino a 2.44.0 NetFilter Utility /usr/nova/bin/netconfig system/popen escalationi di privilegi] |
|---|
| Punti | 17 |
|---|