AVM Fritz!DSL IGD Control Service Directory Traversal Information Disclosure Vulnerability

Bugtraq ID:	22093
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 17 2007 12:00AM
Updated:	Jan 18 2007 12:02AM
Credit:	DPR <[email protected]> is credited with the discovery of this vulnerability.
Vulnerable:	AVM Fritz!DSL Software 2.2.29
Not Vulnerable:

AVM Fritz!DSL IGD Control Service Directory Traversal Information Disclosure Vulnerability

The AVM Fritz!DSL IGD Control Service is prone to a remote information-disclosure vulnerability because the application fails to properly sanitize user-supplied input.

Exploiting this issue allows remote, unauthenticated attackers to retrieve the contents of arbitrary files from vulnerable computers with SYSTEM-level privileges. Information harvested may aid in further attacks.

AVM Fritz!DSL IGD Control Service Directory Traversal Information Disclosure Vulnerability

Attackers use a standard browser to exploit this issue.

The following URI example demonstrates this issue:
http://www.example.com:49001/..%5C..%5C..%5Cwindows%5Csystem.ini

AVM Fritz!DSL IGD Control Service Directory Traversal Information Disclosure Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

AVM Fritz!DSL IGD Control Service Directory Traversal Information Disclosure Vulnerability

References:

• [Full-disclosure] Flaw in AVM UPNP service for windows (DPR )
  
• AVM Home Page (AVM)