allowing for remote code execution. The advisory was discovered by the researchers from Google Project Zero and was responsibly disclosed to the vendor. The advisory indicates that a remote code execution vulnerability exists in the setLanguageCfg function of the NR1800X devices running V9.1.0u.6279_B20210910. The function is used to set the language preference of a device.
When setting the language preference, the setLanguageCfg function is vulnerable to an information disclosure allowing a remote attacker to discover the valid language codes and send malicious code to be executed on the device. The setLanguageCfg function can be exploited by sending a crafted HTTP request to the device, causing it to crash and allow for remote code execution. The setLanguageCfg function is located in the /lib/cups/backend/cups/file_converter.py file, which is part of the CUPS backend. Exploiting this vulnerability requires a remote attacker to have a network connection to the device the target system.
POC: Remotely Exploitable Code Execution Vulnerability - CVE-2018-10356 / Google Project Zero The setLanguageCfg function in the CUPS backend for NR1800X devices running V9.1.0u.6279_B20210910 allows for remote code execution via a crafted HTTP request. An attacker can send a crafted HTTP request to the device causing it to crash and allowing for remote code execution. The set
References !DOCTYPE html >
!DOCTYPE html>
Vulnerable CUPS backend
The CUPS backend for NR1800X devices running V9.1.0u.6279_B20210910 is vulnerable to an information disclosure vulnerability allowing a remote attacker to discover the valid language codes and send malicious code to be executed on the device. The setLanguageCfg function is located in the /lib/cups/backend/cups/file_converter.py file, which is part of the CUPS backend. Exploiting this vulnerability requires a remote attacker to have a network connection to the device the target system.
CUPS backend for NR1800X devices running V9.1.0u.6279_B20210910
The CUPS backend for NR1800X devices running V9.1.0u.6279_B20210910 is vulnerable to a remote code execution vulnerability due to an input validation issue. An attacker could exploit the vulnerability by sending a crafted HTTP request to the device, causing it to crash and allowing for remote code execution. The CUPS backend for NR1800X devices running V9.1.0u.6279_B20210910 is located in the /lib/cups/backend/cups/file_converter.py file, which is part of the CUPS backend and can be exploited with a network connection.
POC: Remotely Exploitable Code Execution Vulnerability - CVE-2018-10356 / Google Project Zero
Timeline
Published on: 10/06/2022 18:16:00 UTC
Last modified on: 10/12/2022 02:58:00 UTC