{"uuid": "df7c82cc-9a0f-474f-8b44-4ae95622bdab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-18378", "type": "seen", "source": "https://t.me/cibsecurity/4847", "content": "ATENTION\u203c New - CVE-2017-18378\n\nIn NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-06-12T00:30:25.000000Z"}