HTTP Server File upload leads to Code Execution #52

Open
@feric

Description

Through the file upload feature, it is possible to replace .sh files on the device with malicious content, leading to the execution of OS commands on the device as the root user.

The vulnerability is described at the URL below:
https://github.com/feric/Findings/tree/main/Hiby/Web%20Server/File%20uploading

This finding was found in firmware 1.5; however, it is still present in the latest 1.7 firmware for the R3 Pro Saber.
