Frontview is the ReadyNAS web management interface; the vulnerability allows command injection and fails to validate or sanitize user input and can be triggered without authentication, Young said.

“The consequence is that an unauthenticated HTTP request can inject arbitrary Perl code to run on the server,” Young wrote on the Tripwire blog. “Naturally, this includes the ability to execute commands on the ReadyNAS embedded Linux in the context of the Apache web server.”

via Critical NETGEAR ReadyNAS Frontview security vulnerability | Threatpost | The First Stop For Security News.