Open
Description
Through the File upload feature, it is possible to replace .sh files in the device with malicious content, leading to execute os commands on the device as root user.
The vulnerability is described in the below URL:
https://github.com/feric/Findings/tree/main/Hiby/Web%20Server/File%20uploading
This finding was found in firmware 1.5; however, is still present in the latest 1.7 firmware for the R3 Pro Saber.