Home
Description
Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is executed with root-privileges on any interaction and on every system boot.
References
seclists.org/fulldisclosure/2025/Jul/20
www.ak-nord.de/...erver--usb-konverter--print-server-80.html
seclists.org/fulldisclosure/2025/Jul/20