nexusway.txt

07 Aug 2005 | Reported by Pokleyzz | Type: packetstorm | Source: packetstormsecurity.com

Multiple vulnerabilities in Neteyes Nexusway, rated very high severity. Nexusway is a multiservice border gateway providing Multiaccess and Multiservice capabilities in the border segment of an enterprise network.

Code
`  
Product : Neteyes Nexusway (http://www.neteyes.com.tw)  
Description: Neteyes Nexusway multiple vulnerabilities  
Severity: Very High  
  
Description  
===========  
The NexusWay is a Multiservice Border Gateway that provides the  
Multiaccess and Multiservice capabilities in the border segment of an  
enterprise network.  
  
Detail  
======  
  
Weak authentication in web module  
---------------------------------  
By sending crafted HTTP cookies, any user with access to port 443 on  
Neteyes Nexusway may use this vulnerability to become Neteyes Nexusway  
admin. This allows the user to change any configuration on this device.  
  
Example:  
# curl -k -b 'cyclone500_write=1; cyclone500_auth=1;   
client_ip1;client=0.0.0.0' https://192.168.1.135/index.cgi  
  
Escaping to Operating System shell in SSH module  
------------------------------------------------  
A user with access to the SSH module may be able to access a shell or  
execute any command with "root" privileges on Neteyes Nexusway by sending  
a crafted argument in certain commands. This allows the user to do  
anything on this device.  
  
Example:  
> ping ;sh  
> traceroute ;sh  
  
Remote command execution in web module  
--------------------------------------  
Any user with access to port 443 on Neteyes Nexusway is able to fully  
control the Neteyes Nexusway device by sending a specially crafted packet  
to certain administration scripts. The web server runs as "root" on this  
device.  
  
Example:  
https://192.168.1.135/nslookup.cgi?ip=localhost%26%26cat%20/stand/htdocs/config/admin  
https://192.168.1.135/ping.cgi?ip=localhost%26%26touch+/tmp/test  
  
Workaround  
==========  
Disable Web Administration module  
`
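
For defenders reviewing logs from a device like this, the following added example (not part of the original advisory and not vendor code) flags requests to the two diagnostic scripts named above whose `ip` parameter is anything other than a plain IP address or hostname after URL decoding. The Common Log Format layout, the function names and the sample lines are assumptions made for illustration; the same allow-list check is what a server-side fix would apply before handing the value to a command.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Diagnostic scripts named in the advisory; both take a host in `ip`.
DIAG_SCRIPTS = {"/nslookup.cgi", "/ping.cgi"}
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")
# Assumed log layout: Common Log Format (client, timestamp, request line).
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) HTTP/[\d.]+"')


def is_plain_host(value):
    """Allow-list: True only for an IP literal or an RFC 1123 hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return len(value) <= 253 and HOSTNAME_RE.fullmatch(value) is not None


def flag_diag_requests(log_lines):
    """Return (client, script, decoded value) for each request to a
    diagnostic script whose `ip` value is not a plain host once decoded."""
    hits = []
    for line in log_lines:
        m = CLF_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if url.path not in DIAG_SCRIPTS:
            continue
        # parse_qs undoes %XX and '+' encoding, so encoded separators show up.
        for value in parse_qs(url.query, keep_blank_values=True).get("ip", []):
            if not is_plain_host(value):
                hits.append((client, url.path, value))
    return hits


# Constructed sample log lines; the request targets are the ones in the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Aug/2005:10:00:01 +0000] "GET /ping.cgi?ip=192.168.1.1 HTTP/1.1" 200 412',
    '192.0.2.10 - - [07/Aug/2005:10:00:05 +0000] "GET /nslookup.cgi?ip=www.example.com HTTP/1.1" 200 388',
    '192.0.2.77 - - [07/Aug/2005:10:02:13 +0000] "GET /ping.cgi?ip=localhost%26%26touch+/tmp/test HTTP/1.1" 200 97',
    '192.0.2.77 - - [07/Aug/2005:10:02:40 +0000] "GET /nslookup.cgi?ip=localhost%26%26cat%20/stand/htdocs/config/admin HTTP/1.1" 200 1530',
]

if __name__ == "__main__":
    for client, script, value in flag_diag_requests(SAMPLE_LOG):
        print(f"{client} {script} ip={value!r}")
```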
