The Aerohive/Extreme Networks HiveOS administrative webinterface (NetConfig) is vulnerable to LFI because it uses an old version of PHP vulnerable to string truncation attacks. An attacker is able to use this in conjunction with log poisoning to gain root rights on a vulnerable access point.
Recent assessments:
wvu-r7 at September 03, 2020 7:02pm UTC reported:
There is an exploit for this. I was able to extract the firmware and statically confirm the vulnerability. I havenโt tried to kick it off in QEMU yet.
Fun bug chain. The vendor hasnโt patched this. If youโre using this in your environment, you may want to disable the web interface as per the exploitโs README.md.
Note that this HiveOS is not to be confused with the mining platform HiveOS. This is Wi-Fi stuff.
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 5