N/A

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.

N/A

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

NETGEAR R6700v3 操作系统命令注入漏洞

NETGEAR R6700v3是美国网件（NETGEAR）公司的一款路由器。连接两个或多个网络的硬件设备，在网络间起网关的作用。 NETGEAR R6700v3 1.0.4.120_10.0.91版本存在操作系统命令注入漏洞，该漏洞源于在使用用户提供的字符串执行系统调用之前缺乏适当的验证。攻击者可以利用此漏洞在root环境中执行代码。

N/A

N/A