If I convince someone to open up a maliciously crafted filename in this application, I can run shell commands as them. Since in many cases openvpn requires elevated privileges, this can be abused to take over a system.
I can write the patch if necessary, tag me if you want me to. If this vulnerability also exists upstream in the resin.io implementation also tag me.
- Dhruv Gramopadhye (dGRAMOP)
If I convince someone to open up a maliciously crafted filename in this application, I can run shell commands as them. Since in many cases openvpn requires elevated privileges, this can be abused to take over a system.
I can write the patch if necessary, tag me if you want me to. If this vulnerability also exists upstream in the resin.io implementation also tag me.