Vulnerability Name:

CVE-2017-18378 (CCN-133028)

Assigned:2017-09-27
Published:2017-09-27
Updated:2019-10-09
Summary:In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-77
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2017-18378

Source: CCN
Type: Full-Disclosure Mailing List, Tue, 3 Oct 2017 08:28:03 +0300
Netgear ReadyNAS Surveillance Unauthenticated Remote Command Execution

Source: XF
Type: UNKNOWN
netgear-readynas-cmd-exec(133028)

Source: MISC
Type: Vendor Advisory
https://kb.netgear.com/000049072/Security-Advisory-for-Command-Injection-in-ReadyNAS-Surveillance-Application-PSV-2017-2653

Source: CCN
Type: Packet Storm Security [10-04-2017]
Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/42956

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [09-27-2017]

Source: CCN
Type: Netgear Web site
Netgear ReadyNAS Surveillance

Vulnerable Configuration:Configuration 1:
  • cpe:/a:netgear:readynas_surveillance:*:*:*:*:*:*:arm:* (Version < 1.1.4-7)
  • OR cpe:/a:netgear:readynas_surveillance:*:*:*:*:*:*:x86:* (Version < 1.4.3-17)
  • AND
  • cpe:/h:netgear:readynas_surveillance:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2017-18378 (CCN-163549)

    Assigned:2017-09-28
    Published:2017-09-28
    Updated:2017-09-28
    Summary:NETGEAR ReadyNAS Surveillance could allow a local attacker to execute arbitrary commands on the system, caused by a flaw in the upgrade_handle.php?cmd=writeuploaddir. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
    CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
    8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availability (A): High
    8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
    7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availability (A): High
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2017-18378

    Source: XF
    Type: UNKNOWN
    netgear-cve201718378-command-exec(163549)

    Source: CCN
    Type: PSV-2017-2653
    Security Advisory for Command Injection Vulnerability in ReadyNAS Surveillance Application

    Source: EXPLOIT-DB
    Type: EXPLOIT
    Offensive Security Exploit Database [09-27-2017]

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/h:netgear:readynas_surveillance:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable