Project

General

Profile

Actions

Bug #2952

closed

Unvalidated input during system_firmware_check.php

Added by Jeremy Porter over 8 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
Upgrade
Target version:
Start date:
04/16/2013
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:

Description

When the system goes to check firmware, it checks over http:, not https, secondly it blindly accepts any returned response and attempts to parse it.
If for instance you are behind a captive portal, with a flash app install, that gets injected right through.
This appears to be where the problem is: $remote_version = trim(@file_get_contents("/tmp/{$g['product_name']}_version"));

Actions

Also available in: Atom PDF