MyFi Wireless-Disk Multiple Security Vulnerabilities
BID:58035
Info
MyFi Wireless-Disk Multiple Security Vulnerabilities
| Bugtraq ID: | 58035 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 13 2013 12:00AM |
| Updated: | Feb 13 2013 12:00AM |
| Credit: | Benjamin Kunz Mejri |
| Vulnerable: |
JumiTech MyFi Wireless-Disk 1.2 |
| Not Vulnerable: | |
Discussion
MyFi Wireless-Disk Multiple Security Vulnerabilities
MyFi Wireless-Disk is prone to a local file-include vulnerability, a remote command-injection vulnerability, and a cross-site request-forgery vulnerability because it fails to properly sanitize user-supplied input.
A remote attacker can exploit these issues to execute arbitrary commands with the privileges of the user running the application, obtain potentially sensitive information, execute arbitrary local scripts in the context of the Web server process, and execute arbitrary code and perform unauthorized actions in the context of the user running the affected application. This may lead to other attacks.
MyFi Wireless-Disk 1.2 is vulnerable; other versions may also be affected.
MyFi Wireless-Disk is prone to a local file-include vulnerability, a remote command-injection vulnerability, and a cross-site request-forgery vulnerability because it fails to properly sanitize user-supplied input.
A remote attacker can exploit these issues to execute arbitrary commands with the privileges of the user running the application, obtain potentially sensitive information, execute arbitrary local scripts in the context of the Web server process, and execute arbitrary code and perform unauthorized actions in the context of the user running the affected application. This may lead to other attacks.
MyFi Wireless-Disk 1.2 is vulnerable; other versions may also be affected.
Solution / Fix
MyFi Wireless-Disk Multiple Security Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
MyFi Wireless-Disk Multiple Security Vulnerabilities
References:
References:
- Wireless-Disk FREE By JumiTech (Apple Inc)
- JumiTech Homepage (JumiTech)