Lucene search
K

Twonky Server < 7.2.11, 8.x < 8.1.2 Writing of Arbitrary Files Vulnerability

🗓️ 27 Sep 2016 00:00:00Reported by Copyright (C) 2016 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 53 Views

Twonky Server Writing of Arbitrary Files Vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
OpenVAS
Western Digital My Cloud Multiple Products < 2.21.111 Multiple Vulnerabilities
2 Sep 202000:00
openvas
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:lynxtechnology:twonky_server";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.108006");
  script_version("2025-11-21T05:40:28+0000");
  script_tag(name:"last_modification", value:"2025-11-21 05:40:28 +0000 (Fri, 21 Nov 2025)");
  script_tag(name:"creation_date", value:"2016-09-27 12:00:00 +0200 (Tue, 27 Sep 2016)");
  script_tag(name:"cvss_base", value:"6.4");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:P");

  script_cve_id("CVE-2015-6505");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Twonky Server < 7.2.11, 8.x < 8.1.2 Writing of Arbitrary Files Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_twonky_server_http_detect.nasl");
  script_mandatory_keys("twonky/server/detected");

  script_tag(name:"summary", value:"Twonky Server is prone to a vulnerability which permits
  attackers with access to the local network in which Twonky Server runs, to write arbitrary files
  on the host running the Twonky Server. It can be used to replace existing or create new files on
  the file system, as accessible by the user under which user ID Twonky Server runs (which can be
  root).");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"impact", value:"As this vulnerability can be used to overwrite and replace
  arbitrary files, this vulnerability can be used to gain control of the target system by
  overwriting system files or can create a denial of service attack by overwriting system critical
  files.");

  script_tag(name:"affected", value:"Twonky Server version 7.0.x, 8.0 and 8.1 with enabled NMC web
  API or web API.");

  script_tag(name:"solution", value:"Update to version 7.2.11, 8.1.2 or later.

  Mitigation:

  Add the following configuration options to the Twonky Server configuration file:

  enablenmcwebapi=0
  enableweb=0

  This will block access to the incriminated function.

  NOTE: Setting 'enableweb' to '0' will completely disable HTTP web access to Twonky Server!");

  script_xref(name:"URL", value:"https://docs.twonky.com/display/TRN/Twonky+Security+Advisory+1+(CVE-2015-6505)+-+Failure+to+verify+HTTP+parameter+allows+writing+of+arbitrary+files+on+host+running+Twonky+Server");
  script_xref(name:"URL", value:"https://docs.twonky.com/display/TRN/Twonky+Server+8.1.2");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! port = get_app_port( cpe:CPE ) )
  exit( 0 );

if( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
  exit( 0 );

version = infos["version"];
location = infos["location"];

if( version_in_range_exclusive( version:version, test_version_lo:"7.0.0", test_version_up:"7.2.11" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"7.2.11", install_path:location );
  security_message( port:port, data:report );
  exit( 0 );
}

if( version_in_range_exclusive( version:version, test_version_lo:"8.0.0", test_version_up:"8.1.2" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"8.1.2", install_path:location );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation