Iomega Home Media Network Hard Drive 'smbwebclient.php' Authentication Bypass Vulnerability

Bugtraq ID:	39474
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 14 2010 12:00AM
Updated:	Apr 14 2010 12:00AM
Credit:	fizix610
Vulnerable:	Iomega Home Media Network Hard Drive 2.061 Iomega Home Media Network Hard Drive 2.038
Not Vulnerable:	Iomega Home Media Network Hard Drive 2.063

Iomega Home Media Network Hard Drive 'smbwebclient.php' Authentication Bypass Vulnerability

Iomega Home Media Network Hard Drive is prone to an authentication-bypass vulnerability.

Attackers can leverage this issue to gain full browser-based read/write access to any visible shares on the device itself or the rest of the device's local network without proper authentication. Successful exploits may lead to other attacks.

This issue affects the Iomega Home Media Network Hard Drive Firmware versions 2.038 - 2.061.

Iomega Home Media Network Hard Drive 'smbwebclient.php' Authentication Bypass Vulnerability

Attackers may launch attacks through a browser.

The following example URIs are available:

http://www.example.com/cgi-bin/smbwebclient.php?path=WORKGROUP%2F[DEVICE NAME]
http://www.example.com/cgi-bin/smbwebclient.php

Iomega Home Media Network Hard Drive 'smbwebclient.php' Authentication Bypass Vulnerability

Solution:
The vendor has released fixes. Please see the references for details.

Iomega Home Media Network Hard Drive 'smbwebclient.php' Authentication Bypass Vulnerability

References:

• Home Media Network Hard Drive Firmware Version 2.063 : Read First (Iomega)
  
• Iomega Homepage (Iomega)
  
• Unauthenticated Filesystem Access in iomega Home Media Network (Iomega)