DreamBox DM500+ - Arbitrary File Download Vulnerability

ID EDB-ID:17279
Type exploitdb
Reporter LiquidWorm
Modified 2011-05-13T00:00:00


DreamBox DM500(+) - Arbitrary File Download Vulnerability. Remote exploit for hardware platform

                                             DreamBox DM500(+) Arbitrary File Download Vulnerability

 Vendor: Dream Multimedia GmbH
 Product web page: http://www.dream-multimedia-tv.de
 Affected version: DM500, DM500+, DM500HD and DM500S

 Summary: The Dreambox is a series of Linux-powered
 DVB satellite, terrestrial and cable digital television
 receivers (set-top box).

 Desc: Dreambox suffers from a file download vulnerability
 thru directory traversal with appending the '/' character
 in the HTTP GET method of the affected host address. The
 attacker can get to sensitive information like paid channel
 keys, usernames, passwords, config and plug-ins info, etc.

 Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma

 Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic
 liquidworm gmail com
 Zero Science Lab - http://www.zeroscience.mk

 Advisory ID: ZSL-2011-5013
 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5013.php