Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution

Posted by deepcore on July 28, 2016 – 6:06 am

The Iris ID IrisAccess ICU 7000-2 device suffers from an unauthenticated remote command execution vulnerability. The vulnerability exists because several POST parameters handled by the ‘/html/SetSmarcardSettings.php’ script are not sanitized before being passed to the exec() PHP function while updating the Smart Card Settings on the affected device. The script sets the ‘$CommandForExe’ variable to invoke the ‘/cgi-bin/setsmartcard’ CGI binary with the affected parameters as arguments, which allows an attacker to execute arbitrary system commands as the root user and bypass the biometric access control in place.
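As an added example (not the device's own firmware code), the unsanitized pattern the advisory describes is shown in a comment, followed by a hardened PHP handler for the same update. The advisory does not list the affected POST parameter names, so ‘card_format’ and ‘site_code’ and their accepted formats are hypothetical.

```php
<?php
// Added example, not code from the ICU 7000-2. Parameter names and formats
// below are hypothetical; the advisory does not name the affected parameters.
//
// The weak pattern the advisory describes: attacker-controlled POST values are
// concatenated into a shell command string and handed to exec() as root:
//
//   $CommandForExe = "/cgi-bin/setsmartcard " . $_POST['card_format'] . " " . $_POST['site_code'];
//   exec($CommandForExe, $out, $rc);
//
// Any shell metacharacter inside a parameter becomes part of the command line.

// Hardened handler: allowlist-validate each parameter against the exact shape the
// CGI binary expects, then quote whatever is passed to the shell.
function validate_smartcard_params(array $post): array {
    $rules = [
        // name        => regex the whole value must match (hypothetical formats)
        'card_format' => '/\A(?:mifare|desfire|iclass)\z/',
        'site_code'   => '/\A[0-9]{1,5}\z/',
    ];
    $clean = [];
    foreach ($rules as $name => $pattern) {
        if (!isset($post[$name]) || !is_string($post[$name])) {
            throw new InvalidArgumentException("missing parameter: $name");
        }
        if (preg_match($pattern, $post[$name]) !== 1) {
            throw new InvalidArgumentException("rejected value for $name");
        }
        $clean[$name] = $post[$name];
    }
    return $clean;
}

function build_setsmartcard_command(array $clean): string {
    // escapeshellarg() single-quotes each argument and escapes embedded quotes,
    // so an unexpected value cannot terminate the argument or start a new command.
    $args = array_map('escapeshellarg', [$clean['card_format'], $clean['site_code']]);
    return '/cgi-bin/setsmartcard ' . implode(' ', $args);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // An authentication check belongs before this point as well; the advisory
    // notes the script is reachable without authentication.
    try {
        $clean = validate_smartcard_params($_POST);
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        exit('invalid smart card settings');
    }
    exec(build_setsmartcard_command($clean), $output, $rc);
}
```

The validation step is the primary control; escapeshellarg() is defence in depth for values that pass the allowlist but are later widened.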
