| Título | Novastar CX40 / NetFilter Utility <=2.44.0 firmwares Command Injection |
|---|
| Descrição | Novastar uses various propitiatory utilities to perform actions on their devices, one of them is ``/usr/nova/bin/netconfig``, which as the name suggests, handles the device's network configuration.
There are at least a dozen ``system()`` and or ``popen()`` calls with user input that are used to configure the device's network which lack sanitization, one could potentially inject shell escaping characters like backticks or a subshell (\`, $()) and execute arbitrary commands.
```c
sprintf(cmd, "/sbin/ip addr del %s/%d dev %s", nettask, v10, if_name); // user input formatting into the command buffer
puts(cmd); // redundant puts call, probably for debugging purposes
system(cmd); // command execution right off the bat
``` |
|---|
| Utilizador | ninpwn (UID 82253) |
|---|
| Submissão | 21/03/2025 21h03 (há 1 Ano) |
|---|
| Moderação | 30/03/2025 22h33 (9 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 302058 [Novastar CX40 até 2.44.0 NetFilter Utility /usr/nova/bin/netconfig system/popen Elevação de Privilégios] |
|---|
| Pontos | 17 |
|---|