> An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002 V12-4
> An authenticated attacker can perform
> command injection as root via shell metacharacters within the Network
> Tools section of the web-management interface. All three networking
> tools are affected (Ping, Traceroute, and DNS Lookup) and their
> respective input fields (ping_address, trace_address,
> nslookup_address).
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Command Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> Galleon Systems
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Galleon NTS-6002-GPS - 4.14.103-Galleon-NTS-6002.V12 - #4 / No publicly disclosed fixed version as of yet
>
> ------------------------------------------
>
> [Affected Component]
> All three networking tools presented on the interface are affected (Ping, Traceroute and DNS Lookup) and their respective input fields
> (ping_address, trace_address, nslookup_address).
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Authenticated - Command Injection via Management Interface
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Victor van der Helm - Pen Test Partners
>
> ------------------------------------------
>
> [Reference]
> https://www.galsys.co.uk/support/software-download.html
Use CVE-2022-27224.
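The weakness described above is a web handler that splices a user-supplied target into a shell command line. The following is an added example (not Galleon's firmware code, whose implementation is not public) of how such a Network Tools handler can be hardened: the three field names come from the advisory, while the argv lists, the `subprocess` invocation and the hostname grammar are assumptions of this example.

```python
import ipaddress
import re
import subprocess

# RFC 1123 hostname label: letters, digits and hyphens, 1-63 chars,
# not starting or ending with a hyphen. A leading hyphen is also what
# would let a target be parsed as an option by the tool itself.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Assumed mapping from each form field named in the advisory to the
# program it drives. Arguments are passed as a list, never as a shell string.
TOOL_ARGV = {
    "ping_address": ["ping", "-c", "4"],
    "trace_address": ["traceroute"],
    "nslookup_address": ["nslookup"],
}


def validate_target(value: str) -> str:
    """Accept only a literal IP address or a syntactically valid hostname.

    Anything else (shell metacharacters, spaces, empty input, option-like
    strings) raises ValueError before a process is ever started.
    """
    if not value or len(value) > 253:
        raise ValueError("target missing or too long")
    try:
        return str(ipaddress.ip_address(value))  # normalised IPv4/IPv6
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    if not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"invalid target: {value!r}")
    return value


def build_command(field: str, value: str) -> list[str]:
    """Return the argv list for one web-form field and its validated value."""
    if field not in TOOL_ARGV:
        raise ValueError(f"unknown field: {field!r}")
    # Vulnerable pattern this replaces: os.system(f"ping -c 4 {value}")
    return TOOL_ARGV[field] + [validate_target(value)]


def run_tool(field: str, value: str) -> str:
    """Run the tool without a shell so metacharacters are never interpreted."""
    cmd = build_command(field, value)
    result = subprocess.run(cmd, capture_output=True, text=True,
                            timeout=30, check=False)
    return result.stdout
```

Because the argv list is built before any process starts, a rejected target yields a clean validation error that the web layer can log as a suspected injection attempt.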