Riello UPS NetMan 208 Directory Traversal Vulnerability Leading to Remote Code Execution
Vulnerability
A directory traversal vulnerability has been identified in the Riello UPS NetMan 208 application, prior to version 1.12. The issue allows authenticated users to upload files through the 'certsupload.cgi' script, with the potential for remote code execution. The vulnerability arises from improper validation of user-supplied input, enabling attackers to traverse directories and execute malicious payloads.
Impact
Exploitation of this vulnerability allows for arbitrary file upload, which can be leveraged to execute malicious code on the server.
Reproduction
To reproduce this vulnerability, an authenticated admin user can upload a file through the 'certsupload.cgi' script. By including a crafted filename that exploits the directory traversal vulnerability, it's possible to overwrite an existing CGI file. Once the file is overwritten with a payload, such as a reverse shell, and the corresponding script is accessed, the payload is executed, resulting in remote code execution.
Remediation
Users are advised to update to Riello UPS NetMan version 1.12 or later.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.