CVE-2017-18378

HIGH EXPLOITED

Netgear Readynas Surveillance Firmware < 1.1.4-7 - Command Injection

Title source: rule

Description

In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.

Exploits (1)

exploitdb WORKING POC

by Kacper Szurek · textwebappshardware

https://www.exploit-db.com/exploits/42956

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://kb.netgear.com/000049072/Security-Advisory-for-Command-Injection-in-ReadyNAS-Surveillance-Application-PSV-2017-2653

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42956

Scores

CVSS v3 8.4

EPSS 0.1554

EPSS Percentile 94.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2023-11-13

Classification

CWE

CWE-77

Status published

Affected Products (2)

netgear/readynas_surveillance_firmware < 1.1.4-7

netgear/readynas_surveillance_firmware < 1.4.3-17

Timeline

Published Jun 11, 2019

Tracked Since Feb 18, 2026