• info
• discussion
• exploit
• solution
• references

IP3 Networks NetAccess NA75 Multiple Local Vulnerabilities

IP3 Networks NetAccess NA75 devices are susceptible to multiple local vulnerabilities:

- A command-injection vulnerability due to insufficient input-sanitization of user-supplied commands. This issue allows attackers to execute arbitrary shell commands in the underlying UNIX-based operating system.

- An encrypted-password information-disclosure vulnerability. This issue may aid attackers in brute-force password-guessing attacks.

- An insecure default-permissions vulnerability. This issue allows attackers to access or corrupt potentially sensitive information.

These issues are present in version 4.0.34 of the device's firmware; other versions may also be affected.