OSVDB ID: 86794

Title: NETGEAR NTV300 NeoTV Wireless SSID System Call Injection Arbitrary Command Execution

Info

Disclosure

Oct 23, 2012

Discovery

Unknown

Dates

Exploit

Oct 23, 2012

Solution

Unknown

Description

The NETGEAR NTV300 (NeoTV) contains a flaw that may allow a physically proximate attacker to gain access to the device. The issue is due to the system() and popen() system calls using the device SSID and encryption key values as part of their function. These values are user controllable, and can be injected via the TV's remote control. For example, setting the SSID to 'reboot' and submitting it will cause the device to reboot. Using a more complex set of injections, an attacker can create a script that will execute arbitrary commands, such as a limited shell, or enable the Telnet server (which is not enabled by default).

Classification

Location: Physical Access Required, Wireless Vector
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Netgear

NTV300

Unspecified

References

Related OSVDB ID: 86793
Other Advisory URL: http://www.devttys0.com/2012/10/jailbreaking-the-neotv/
Vendor URL: http://www.netgear.com/home/products/hometheater/media-players/NTV300.aspx

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86794