| 제목 | Netcore POWER15AX V3.0.0.6938 Command Injection |
|---|
| 설명 | A command injection vulnerability exists in Netcore POWER15AX router firmware V3.0.0.6938. The setTools function in /bin/netis.cgi implements incomplete input filtering that only blocks 4 characters (space, pipe, semicolon, ampersand) but does not filter command substitution syntax like $(command) or backticks. This allows attackers to bypass the filter and execute arbitrary OS commands with root privileges through the diagnostic tool interface.
The vulnerability was discovered through static analysis using IDA Pro. The decompiled code shows user input from the "IpAddr" parameter is directly concatenated into a command string via sprintf() and executed via system() without proper validation.
Full technical analysis, IDA screenshots, and theoretical PoC available at: https://github.com/fakervsbln/netcore-power15ax-cve
|
|---|
| 원천 | ⚠️ https://github.com/fakervsbln/netcore-power15ax-cve |
|---|
| 사용자 | Lastxuan (UID 96269) |
|---|
| 제출 | 2026. 03. 10. AM 07:21 (24 날 ago) |
|---|
| 모더레이션 | 2026. 03. 25. PM 03:39 (15 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 353146 [Netcore Power 15AX 까지 3.0.0.6938 Diagnostic Tool Interface /bin/netis.cgi setTools IpAddr 권한 상승] |
|---|
| 포인트들 | 20 |
|---|