CVE-2020–13886 LFI VoIP Intelbras

> Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22
> devices allow cgi-bin/cgiServer.exx?page=..%2F Directory Traversal.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Directory Traversal
>
> ------------------------------------------
>
> [Vendor of Product]
> Intelbras
>
> ------------------------------------------
>
> [Affected Product Code Base]
> TIP 300 - 65.61.75.22
> TIP 200/200 LITE - 60.61.75.15
>
> ------------------------------------------
>
> [Affected Component]
> CGI file parameter
> EX: /cgi-bin/cgiServer.exx?page= LFI ENCODED
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> http://host/cgi-bin/cgiServer.exx?page=..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
>
> ------------------------------------------
>
> [Discoverer]
> Lucas Souza
>
> ------------------------------------------

--

--

lsass.io

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store