| Title | Novastar CX40 / NetFilter Utility <=2.44.0 firmwares Command Injection |
|---|
| Description | Novastar uses various propitiatory utilities to perform actions on their devices, one of them is ``/usr/nova/bin/netconfig``, which as the name suggests, handles the device's network configuration.
There are at least a dozen ``system()`` and or ``popen()`` calls with user input that are used to configure the device's network which lack sanitization, one could potentially inject shell escaping characters like backticks or a subshell (\`, $()) and execute arbitrary commands.
```c
sprintf(cmd, "/sbin/ip addr del %s/%d dev %s", nettask, v10, if_name); // user input formatting into the command buffer
puts(cmd); // redundant puts call, probably for debugging purposes
system(cmd); // command execution right off the bat
``` |
|---|
| User | ninpwn (UID 82253) |
|---|
| Submission | 03/21/2025 21:03 (1 Year ago) |
|---|
| Moderation | 03/30/2025 22:33 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 302058 [Novastar CX40 up to 2.44.0 NetFilter Utility /usr/nova/bin/netconfig system/popen command injection] |
|---|
| Points | 17 |
|---|