4 matches found
CVE-2017-18378
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $GET'uploaddir' is not escaped and is passed to system through $tmpuploaddir, leading to upgradehandle.php?cmd=writeuploaddir remote command execution...
CVE-2017-18378
creationtimestamp| type| source ---|---|--- 2019-06-12 00:30:25+00:00| seen| https://t.me/cibsecurity/4847 2024-12-21 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-21 2024-12-23 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities -...
CVE-2017-18378
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $GET'uploaddir' is not escaped and is passed to system through $tmpuploaddir, leading to upgradehandle.php?cmd=writeuploaddir remote command execution...
CVE-2017-18378
The CVE-2017-18378 vulnerability affects NETGEAR ReadyNAS Surveillance prior to 1.4.3-17 (x86) and 1.1.4-7 (ARM). The issue is a failure to escape $_GET['uploaddir'], which is passed to system() via $tmp_upload_dir, enabling remote command execution via upgrade_handle.php?cmd=writeuploaddir. Publ...