CVE-2017-18378

Name of the Vulnerable Software and Affected Versions NETGEAR ReadyNAS Surveillance versions prior to 1.4.3-17 x86 NETGEAR ReadyNAS Surveillance versions prior to 1.1.4-7 ARM

Description The issue arises from the fact that the uploaddir variable, obtained from $ GET['uploaddir'], is not properly escaped and is then passed to the system() function through $tmp upload dir. This leads to a remote command execution vulnerability, specifically through the "upgrade handle.php?cmd=writeuploaddir" endpoint.

Recommendations For versions prior to 1.4.3-17 x86, update to version 1.4.3-17 or later. For versions prior to 1.1.4-7 ARM, update to version 1.1.4-7 or later. As a temporary workaround, consider restricting access to the "upgrade handle.php" endpoint to minimize the risk of exploitation. Avoid using the uploaddir variable in the affected endpoint until the issue is resolved.