opfvina.blogg.se

Goahead web server update






Since this vulnerability affects multiple devices that run the GoAhead web server (these devices appear to implement old versions of GoAhead), there is no single company to which these vulnerabilities can be reported or that can address them – further, the majority of the vulnerable products are OEM products with no real “vendor” behind them. We at Beyond Security are unsure about this, but as none of the camera vendors responded, we are left in the dark as to the root cause of the vulnerability.

Update: The vendor (GoAhead) claims the vulnerability is not in its product, but rather in the camera vendor’s code.

Update #2: The vulnerability of the “/”-less access causing file disclosure dates back to 2004. I cannot find any indication of when GoAhead fixed it – in any case it is still present in 2017 in devices that use the GoAhead server.

Through this disclosure attack, an attacker can view the credentials required to access the device.

An independent security researcher, Istvan Toth, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.


As most embedded devices do not run a SQL (or SQL-like) daemon, the credentials for authentication are stored inside the file being accessed. The vulnerability allows a remote unauthenticated attacker to disclose the content of the file being accessed.
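Update #2 above attributes the disclosure to “/”-less access. One way to flag such requests in front of affected devices (at a reverse proxy or over captured request lines) is shown below as an added example; it is not code from the advisory or from GoAhead. It assumes that “/”-less access means a request-target that matches none of the RFC 7230 section 5.3 forms; the function names and sample lines are constructed for illustration.

```python
import re

# Request line: METHOD SP request-target SP HTTP-version (RFC 7230, section 3.1.1)
REQUEST_LINE = re.compile(r'^([A-Z]+) (\S+) (HTTP/\d\.\d)$')
AUTHORITY = re.compile(r'^[A-Za-z0-9.\-\[\]:]+:\d+$')


def classify_target(method, target):
    """Return the RFC 7230 section 5.3 form of a request-target, or 'invalid'."""
    if target.startswith('/'):
        return 'origin-form'
    if target == '*':
        return 'asterisk-form' if method == 'OPTIONS' else 'invalid'
    if method == 'CONNECT':
        return 'authority-form' if AUTHORITY.match(target) else 'invalid'
    if re.match(r'^https?://[^/\s]+', target, re.I):
        return 'absolute-form'
    return 'invalid'


def suspicious_requests(request_lines):
    """Return (line_number, request_line) pairs a proxy or WAF should reject."""
    hits = []
    for n, raw in enumerate(request_lines, 1):
        m = REQUEST_LINE.match(raw.strip())
        if not m:
            hits.append((n, raw))  # malformed request line: also worth review
            continue
        method, target, _ = m.groups()
        if classify_target(method, target) == 'invalid':
            hits.append((n, raw))
    return hits


# Constructed sample request lines (not taken from any real device or log).
SAMPLE = [
    'GET /index.htm HTTP/1.1',
    'GET placeholder.cfg HTTP/1.1',   # target without the leading "/"
    'OPTIONS * HTTP/1.1',
    'CONNECT camera.example:443 HTTP/1.1',
    'GET http://camera.example/index.htm HTTP/1.1',
    'GET * HTTP/1.1',                 # asterisk-form is OPTIONS-only
]

if __name__ == '__main__':
    for n, line in suspicious_requests(SAMPLE):
        print(f'line {n}: non-conforming request-target: {line}')
```

Rejecting non-conforming request-targets before they reach the embedded server is a compensating control for devices that cannot be updated.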


The GoAhead web server is present on multiple embedded devices, from IP Cameras to Printers and other embedded devices. The following advisory describes an arbitrary file content disclosure vulnerability found in GoAhead web server.







