A critical vulnerability exists in VIAVIWEB Wallpaper Admin software that allows an unauthenticated attacker to take complete control of the web server. By uploading a malicious file disguised as an image, an attacker can execute arbitrary code, leading to potential data theft, service disruption, and full system compromise. This vulnerability requires immediate attention due to its high severity and ease of exploitation.

The vulnerability is an unauthenticated Remote Code Execution (RCE) flaw within the image upload functionality. The specific endpoint, add_gallery_image.php, fails to properly validate the type of file being uploaded and does not require any authentication to access. An attacker can craft a malicious PHP script, save it with an image file extension (or bypass client-side checks), and upload it to the server. Once uploaded, the attacker can navigate to the file's location on the server, causing the web server to execute the embedded PHP code with the permissions of the web server process.

This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the extreme risk it poses to the organization. Successful exploitation could lead to a complete compromise of the affected server, resulting in the theft of sensitive data, including customer information, intellectual property, and credentials. An attacker could also deface the website, disrupt business operations by deleting files or shutting down services, or use the compromised server as a pivot point to launch further attacks against the internal network or to host malware. The potential for significant financial loss, reputational damage, and regulatory fines is high.

Immediate Action:

• Immediately apply the security patches provided by the vendor. Update all instances of VIAVIWEB Wallpaper Admin to the latest available version to mitigate this vulnerability.
• Begin actively monitoring web server access logs for any POST requests to the add_gallery_image.php endpoint, especially from unknown IP addresses.
• Review the contents of image upload directories for any suspicious or non-image files (e.g., files with extensions like .php, .phtml, .php5).

Proactive Monitoring:

• Implement log analysis rules to generate alerts for any attempts to upload files with script-based extensions to image directories.
• Monitor for unusual outbound network traffic originating from the web server, which could indicate a successful compromise and communication with a command-and-control server.
• Use a file integrity monitoring (FIM) solution to detect unauthorized changes to files in the web application's directories.

Compensating Controls:

• If immediate patching is not feasible, use a Web Application Firewall (WAF) with rules designed to inspect file uploads and block malicious file types.
• Configure the web server to deny access to the add_gallery_image.php endpoint from all untrusted IP addresses.
• Modify web server configuration to prevent the execution of scripts (e.g., PHP) within the designated image upload directories.

Public Exploit Available: true

Given the critical CVSS score of 9.8 and the unauthenticated nature of this remote code execution vulnerability, we recommend immediate and urgent action. The risk of a full system compromise is extremely high. Organizations must prioritize applying the vendor-supplied patches to all affected systems without delay. If patching cannot be performed immediately, the compensating controls listed above, particularly restricting access to the vulnerable endpoint and disabling script execution in upload directories, should be implemented as an emergency mitigation measure.