Vendor: SGAI
Affected products: Space1 NAS - N1211DS ≤ v1.0.915
Vendor Homepage: https://www.aigyzn.com/
Vendor contact information: https://www.aigyzn.com/contact/ - sgai@aigyzn.com
The SGAI Space1 NAS (model N1211DS, firmware version v1.0.915) contains an unauthenticated remote command execution vulnerability caused by command injection. An attacker who has not authenticated to the device can use the OPERATE_FILE command interface to operate on files or directories whose names contain shell metacharacters and malicious commands; the name is passed into a system command without sanitization, which triggers the injection and gives the attacker the highest level of control over the remote NAS device.
The vulnerability is located in the binary gsaiagent.

In the function sub_35808, which handles the OPERATE_FILE command interface, the path field is retrieved from the request.

The retrieved parameters are copied into the v15 structure.

Next, the function sub_28F84 is invoked with this structure.

Within it, the function sub_2882C is invoked.

Then, taking deletion as the example, i.e. moving the target to the recycle bin (type=3), the function sub_7EE18 is invoked, and the attacker-controlled path reaches the command that performs the move.
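The actual sink in sub_7EE18 is not reproduced on this page, so the following is an added illustration and not gsaiagent's code. It assumes (as a reconstruction of the pattern the advisory describes) that the recycle-bin move is built by formatting the OPERATE_FILE path into a shell command string, and it places a hardened variant beside it that validates the path and uses rename(2), so no shell ever parses the name. The recycle directory constant, the function names and the sample paths are all made up for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed recycle-bin location for this example; not taken from the advisory. */
#define RECYCLE_DIR "/mnt/recycle"

/*
 * Vulnerable pattern (hypothetical reconstruction): the path from the request
 * is pasted into a shell command line.  Wrapping it in single quotes is not a
 * fix: a name such as  a';id;'  closes the quote and runs `id` as the daemon.
 */
int build_move_cmd_vuln(const char *path, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "mv '%s' '%s/'", path, RECYCLE_DIR);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
    /* the caller would then hand `out` to system() or popen() */
}

/*
 * Allow-list check for a path received over the network: must be absolute,
 * must contain nothing /bin/sh could interpret, no control bytes and no ".."
 * component.  Real code should additionally canonicalise the path and confirm
 * it stays under the exported share root.
 */
int path_is_safe(const char *path)
{
    static const char meta[] = "`$;|&<>(){}'\"\\*?[]!#~";
    const char *p;

    if (path == NULL || path[0] != '/' || strlen(path) >= 4096)
        return 0;
    for (p = path; *p; p++)
        if (strchr(meta, *p) != NULL || (unsigned char)*p < 0x20)
            return 0;

    /* walk the components and reject any ".." */
    p = path;
    while (*p) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        if (!end)
            break;
        p = end + 1;
    }
    return 1;
}

/*
 * Hardened move: validate first, then use rename(2) directly.  Because no
 * shell is involved, metacharacters in the name are inert even if the
 * validation were loosened.  rename fails with EXDEV across filesystems, in
 * which case a copy-and-unlink fallback (still without a shell) is needed.
 */
int move_to_recycle_safe(const char *path, const char *recycle_dir)
{
    const char *base;
    char dst[4096];

    if (!path_is_safe(path)) {
        errno = EINVAL;
        return -1;
    }
    base = strrchr(path, '/');
    base = base ? base + 1 : path;
    if (*base == '\0') {
        errno = EINVAL;
        return -1;
    }
    if (snprintf(dst, sizeof dst, "%s/%s", recycle_dir, base) >= (int)sizeof dst) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return rename(path, dst);
}

int main(void)
{
    /* constructed attacker-controlled path, as it might arrive in the path field */
    const char *evil = "/mnt/share/a';id>/tmp/pwned;'";
    char cmd[512];

    if (build_move_cmd_vuln(evil, cmd, sizeof cmd) == 0)
        printf("vulnerable command line: %s\n", cmd);
    printf("path_is_safe(evil) = %d\n", path_is_safe(evil));
    printf("path_is_safe(benign) = %d\n", path_is_safe("/mnt/share/report.txt"));
    if (move_to_recycle_safe(evil, RECYCLE_DIR) == -1)
        printf("hardened move rejected the path: %s\n", strerror(errno));
    return 0;
}
```

The vulnerable builder shows why quoting alone is insufficient: the injected name simply closes the quote. The hardened path does two independent things, and either one on its own would already defeat this particular injection: it refuses names containing shell syntax, and it never constructs a shell command in the first place.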
