Linksys Internet Video Camera main.cgi Arbitrary File Access

2004-06-17T05:05:48
ID OSVDB:7112
Type osvdb
Reporter John Doe (scriptX@hotmail.com)
Modified 2004-06-17T05:05:48

Description

Vulnerability Description

Linksys WVC11B Wireless-B Internet Video Camera contains a flaw that allows a remote attacker to access arbitrary files outside of the application root. The flaw exists because the application does not validate the "next_file" parameter when it is submitted to the "main.cgi" script. This could allow a remote attacker to access any file on the system by supplying its filename in the "next_file" parameter, leading to a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/main.cgi?next_file=/etc/passwd
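
With no patch available, requests of this form can at least be picked out of web server or proxy logs in front of the camera. The following Python example is added here and is not part of the original advisory; it assumes Common Log Format entries and that legitimate "next_file" values are bare file names (index.htm is a hypothetical one), and it goes slightly beyond the advisory by also flagging ".." path segments. The log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_next_file(target):
    """Return decoded next_file values that point outside the web root."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/main.cgi"):
        return []
    hits = []
    # parse_qs percent-decodes the value, so %2Fetc%2Fpasswd is seen as /etc/passwd
    for value in parse_qs(parts.query, keep_blank_values=True).get("next_file", []):
        normalized = value.replace("\\", "/")
        # Assumption: a legitimate value is a bare file name, so an absolute
        # path or any ".." segment is treated as an attempt to leave the root.
        if normalized.startswith("/") or ".." in normalized.split("/"):
            hits.append(normalized)
    return hits


def scan(lines):
    """Return (client_ip, next_file_value) for every flagged request."""
    results = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client = line.split(" ", 1)[0]
        for value in suspicious_next_file(match.group(1)):
            results.append((client, value))
    return results


# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jun/2004:05:05:48 +0000] "GET /main.cgi?next_file=index.htm HTTP/1.0" 200 1024',
    '198.51.100.7 - - [17/Jun/2004:05:06:01 +0000] "GET /main.cgi?next_file=/etc/passwd HTTP/1.0" 200 512',
    '198.51.100.7 - - [17/Jun/2004:05:06:09 +0000] "GET /main.cgi?next_file=%2Fetc%2Fpasswd HTTP/1.0" 200 512',
    '192.0.2.10 - - [17/Jun/2004:05:07:30 +0000] "GET /img/video.jpg HTTP/1.0" 200 20480',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} requested next_file={value}")
```
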

References:

Vendor URL: http://www.linksys.com/products/product.asp?grid=33&scid=38&prid=566
Secunia Advisory ID: 11881
Other Advisory URL: http://www.securiteam.com/securitynews/5BP0E0UDFW.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-06/0103.html
ISS X-Force ID: 16437