Security Advisory: NETGEAR ReadyNAS

The NETGEAR ReadyNAS RAIDiator firmware prior to the 4.2.24 release is prone to remote command execution through the FrontView web interface. An attacker can use an unauthenticated HTTP GET request to execute arbitrary commands as user 'admin' on the remote NAS device. This vulnerability exists due to a failure in /frontview/lib/np_handler.pl to sanitize user input. (An eval is exposed as part of the 'forgot password' workflow.) This vulnerability can be exploited by an attacker on the local network or by a remote attacker using XSRF (cross-site request forgery) techniques. Due to various improper file system permissions, the admin user can execute commands as root.
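The flaw class named above is a Perl CGI handler that hands request data to string eval. The following is a constructed illustration added to this advisory; it is not the ReadyNAS np_handler.pl source, and the parameter names (op, user), the dispatch table and the send_password_reset routine are hypothetical. It shows the unsafe pattern next to a hardened handler that never evaluates request data as code.

```perl
#!/usr/bin/perl
# Constructed example (not NETGEAR's code): a request handler that passes a
# parameter to string eval, beside a hardened version of the same workflow.
# Parameter names, the dispatch table and the reset routine are hypothetical.
use strict;
use warnings;

# --- Unsafe pattern: the request parameter reaches string eval unchanged.
# Whatever Perl code the caller places in the parameter runs with the
# privileges of the web server process, the flaw class this advisory describes.
sub handle_vulnerable {
    my ($params) = @_;
    my $code   = $params->{op};    # hypothetical parameter name
    my $result = eval $code;       # string eval executes caller-controlled code
    return defined $result ? $result : "error: $@";
}

# --- Hardened pattern: no eval at all. The operation name selects an entry in
# a fixed dispatch table, and remaining fields are validated against strict
# character-class patterns before use (the capture also untaints them when the
# script runs under taint mode, perl -T).
my %DISPATCH = (
    send_reset => \&send_password_reset,
);

sub handle_hardened {
    my ($params) = @_;
    my $op      = $params->{op} // '';
    my $handler = $DISPATCH{$op}
        or return 'error: unknown operation';
    my ($user) = ( $params->{user} // '' ) =~ /\A([A-Za-z0-9_.-]{1,32})\z/
        or return 'error: invalid user name';
    return $handler->($user);
}

sub send_password_reset {
    my ($user) = @_;
    # Placeholder for the real workflow: look up the account, mail a token, etc.
    return "reset mail queued for $user";
}

# Demonstration with constructed requests. The vulnerable handler evaluates the
# supplied text as Perl; the hardened handler only ever calls a known routine
# with a validated argument, and rejects anything else.
my %good = ( op => 'send_reset', user => 'alice' );
my %bad  = ( op => '2 + 2' );   # harmless expression standing in for untrusted code

print 'hardened, valid request:   ', handle_hardened(\%good), "\n";
print 'vulnerable, code in param: ', handle_vulnerable(\%bad), "\n";
print 'hardened, code in param:   ', handle_hardened(\%bad),  "\n";
```

Two points follow from the advisory's last sentence. The hardened handler limits what a request can make the handler do, but it does not change which user the handler runs as; the root escalation described above comes from file system permissions, so a fix for this class of bug also requires that the web interface's user cannot write to files or directories that root later executes or reads. On a device still running firmware before 4.2.24, the only complete mitigation is the vendor update; restricting FrontView to trusted networks only narrows the local exposure and does nothing against the XSRF path.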