InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution

Posted by deepcore on October 31, 2016 – 11:54 pm

InfraPower PPS-02-S Q213V1 suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerability exists due to several POST parameters in several scripts not being sanitized when using the exec(), proc_open(), popen() and shell_exec() PHP function while updating the settings on the affected device. This allows the attacker to execute arbitrary system commands as the root user and bypass access controls in place.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« InfraPower PPS-02-S Q213V1 Authentication Bypass Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL