Much better description

patch-1
Noam Rathaus 2021-05-16 15:50:33 +03:00
parent 14a612623a
commit 0d836a40f8
1 changed files with 1 additions and 4 deletions

@ -8,10 +8,7 @@ info:
- https://www.exploit-db.com/exploits/47760
- https://nvd.nist.gov/vuln/detail/CVE-2019-17270
description: |
Yachtcontrol software is being used for controlling several aspects on yachts, as the name implies. Having access to the webapplication,
it's possible to control several items such as lights, powergenerator, solarcontrol, airco, wipers, heating and other components.
Websoftware is built in PHP and mostly runs on a Linux based firmware device, controlling several other components related to the Yacht.
Other related software running on the same firmware device are custom compiled ELF binaries for controlling related onboard devices.
A vulnerability in Yachtcontrol makes it possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's.
tags: rce,yachtcontrol,cve,cve2019
requests:
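
Review bot: the added description line (the one starting "A vulnerability in Yachtcontrol") has a grammar slip in "where {COMMAND} will be executed and returning the results to the client"; suggest "where {COMMAND} is executed and its output is returned to the client". Its last two sentences, about Dutch GPRS/4G mobile IP ranges and DHCP leasing, describe where affected hosts were observed rather than the flaw itself, and "telco's" should be "telcos"; consider dropping them or trimming to one short clause. The four removed lines were the only place that said what the web application controls (lights, power generator, heating and so on), which is useful for judging impact, so keeping one sentence of that context would help. Since the field is a `|` block scalar, the new text can also be wrapped across several lines instead of sitting on one very long line.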