Bug Bounty

All about electronic devices security
https://mail.bugbounty.com.au/

Authenticated Local Privilege Escalation via /etc/init.d/lighttpd Script on AK‑Nord USB‑Server‑LXL (CVE‑2025‑52361)

https://mail.bugbounty.com.au/viewtopic.php?t=6736

Page 1 of 1

Authenticated Local Privilege Escalation via /etc/init.d/lighttpd Script on AK‑Nord USB‑Server‑LXL (CVE‑2025‑52361)

Posted: Sun Aug 03, 2025 4:49 am
by Shane1145
Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is executed with root-privileges on any interaction and on every system boot.


https://www.tenable.com/cve/CVE-2025-52361
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited