CVE-2017-18378

HIGH EXPLOITED

NETGEAR ReadyNAS Surveillance <1.4.3-17 x86 & <1.1.4-7 ARM - RCE via upgrade_handle.php

Title source: llm

Exploitation Summary

CVE-2017-18378 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Kacper Szurek.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated remote command execution (RCE) vulnerability in Netgear ReadyNAS Surveillance 1.4.3-16. The vulnerability arises from improper escaping of the $_GET['uploaddir'] parameter, which is passed to the system() function, allowing arbitrary command injection.

Description

In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.

Exploits (1)

exploitdb WORKING POC

by Kacper Szurek · textwebappshardware

https://www.exploit-db.com/exploits/42956

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated remote command execution (RCE) vulnerability in Netgear ReadyNAS Surveillance 1.4.3-16. The vulnerability arises from improper escaping of the $_GET['uploaddir'] parameter, which is passed to the system() function, allowing arbitrary command injection.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Netgear ReadyNAS Surveillance 1.4.3-16

No auth needed

Prerequisites: Network access to the target device · Target device running vulnerable software version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://kb.netgear.com/000049072/Security-Advisory-for-Command-Injection-in-ReadyNAS-Surveillance-Application-PSV-2017-2653

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/42956

Scores

CVSS v3 8.4

EPSS 0.0817

EPSS Percentile 94.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-11-13

CWE

CWE-77

Status published

Products (2)

netgear/readynas_surveillance_firmware < 1.1.4-7

netgear/readynas_surveillance_firmware < 1.4.3-17

Published Jun 11, 2019

Tracked Since Feb 18, 2026