Posted by Pedro Ribeiro on Aug 12

tl;dr

RCE, file download, weak encryption and user impersonation, all of which
can be exploited by an unauthenticated attacker in WebNMS Framework 5.2
and 5.2 SP1.

A special thanks to Beyond Security and their SSD program, which helped
disclose the vulnerabilities. See their advisory at
https://blogs.securiteam.com/index.php/archives/2712

My full advisory can be seen below, and a copy can be obtained at the
github repo…