| Title | Novastar CX40 / NetFilter Utility <=2.44.0 firmwares Command Injection |
|---|
| Description | Novastar uses various proprietary utilities to perform actions on their devices. One of them is ``/usr/nova/bin/netconfig``, which, as the name suggests, handles the device's network configuration.
There are at least a dozen ``system()`` and/or ``popen()`` calls with user input that are used to configure the device's network and that lack sanitization; one could potentially inject shell escaping characters like backticks or a subshell (\`, $()) and execute arbitrary commands.
```c
sprintf(cmd, "/sbin/ip addr del %s/%d dev %s", nettask, v10, if_name); // user input formatting into the command buffer
puts(cmd); // redundant puts call, probably for debugging purposes
system(cmd); // command execution right off the bat
``` |
|---|
| User | ninpwn (UID 82253) |
|---|
| Submitted | 2025. 03. 21. PM 09:03 (1 year ago) |
|---|
| Moderation | 2025. 03. 30. PM 10:33 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 302058 [Novastar CX40 up to 2.44.0 NetFilter Utility /usr/nova/bin/netconfig system/popen privilege escalation] |
|---|
| Points | 17 |
|---|
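
For contrast with the `sprintf()` + `system()` pattern quoted in the description, here is a hardened form of the same `ip addr del` call, added as an example and not taken from the submission or from Novastar's firmware. The function names and the interface-name character policy are assumptions; the parameters stand in for `nettask`, `v10` and `if_name`.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

extern char **environ;

/* Assumed policy: 1..15 chars from [A-Za-z0-9_.-], no leading '-'. */
int valid_ifname(const char *s) {
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > 15 || s[0] == '-') return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && !strchr("_.-", s[i])) return 0;
    return 1;
}

/* Address must be a strict dotted-quad literal, prefix length 0..32. */
int valid_ipv4_cidr(const char *addr, int prefix) {
    struct in_addr tmp;
    return addr && prefix >= 0 && prefix <= 32 &&
           inet_pton(AF_INET, addr, &tmp) == 1;
}

/* Hypothetical replacement for the sprintf()+system() pattern: validate,
 * then exec /sbin/ip with an argv array so no shell parses the input.
 * Returns the child's exit status, or -1 on rejected input / spawn error. */
int ip_addr_del(const char *addr, int prefix, const char *ifname) {
    char cidr[INET_ADDRSTRLEN + 4];
    pid_t pid;
    int status;
    if (!valid_ifname(ifname) || !valid_ipv4_cidr(addr, prefix)) return -1;
    snprintf(cidr, sizeof cidr, "%s/%d", addr, prefix);
    char *argv[] = {"ip", "addr", "del", cidr, "dev", (char *)ifname, NULL};
    if (posix_spawn(&pid, "/sbin/ip", NULL, NULL, argv, environ) != 0) return -1;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed inputs; all three are rejected before any process starts. */
    printf("%d\n", ip_addr_del("192.168.1.10`id`", 24, "eth0"));
    printf("%d\n", ip_addr_del("192.168.1.10", 24, "eth0;id"));
    printf("%d\n", ip_addr_del("192.168.1.10", 99, "eth0"));
    return 0;
}
```

Passing arguments as an `argv` array removes the shell from the path entirely, so the validation acts as a second layer and not the only barrier.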