CVE-2016-5639
Published: 2016-08-03
Priority: P2, 64, high
CVSS 3.0: 7.5 (AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N)
EXPLOIT
EPSS: 20.84% (97.2th percentile)
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| crestron | airmedia_am-100_firmware | <= 1.4.0.12 | — |
Detection & IOCs (extracted from sources)
URL: http://[AM-100-ADDRESS]/cgi-bin/login.cgi?lang=en&src=../../../../../../../../../../../../../../../../../../../../etc/shadow
- Detect path traversal attempts targeting /cgi-bin/login.cgi with a 'src' parameter containing dot-dot sequences (../) to read arbitrary files such as /etc/shadow.
- Monitor for HTTP GET requests to /cgi-bin/login.cgi where the 'src' query parameter contains repeated '../' sequences indicative of directory traversal.
- Alert on any HTTP access to the hidden management endpoint /cgi-bin/login_rdtool.cgi, which exposes file upload and telnet enablement capabilities.
- Monitor for unexpected telnet connections on port 5885, which can be enabled via the hidden rdtool management interface (RD Debug mode).
- Inspect session files on the filesystem (session01, session02, etc.) for cleartext credential exposure, which may indicate post-exploitation activity.
- Vulnerability affects firmware versions v1.1.1.11 through v1.2.1; devices running firmware 1.4.0.13 or later are not affected by the path traversal.
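The first three detection notes above, sketched as an added example (not taken from the sources this page cites): a Python filter for web or proxy access logs that flags a `..` path segment in the `src` parameter of /cgi-bin/login.cgi and any request to /cgi-bin/login_rdtool.cgi. The combined log format, the sample lines and the function names are assumptions. It also normalises percent-encoding before matching, which goes beyond the literal `../` form shown on this page.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request field of a combined-format access log line (log format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
LOGIN_CGI = "/cgi-bin/login.cgi"
RDTOOL_CGI = "/cgi-bin/login_rdtool.cgi"


def normalise(value, rounds=3):
    """Percent-decode a few times so encoded dot-dot forms compare equal."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def classify(line):
    """Return 'traversal', 'rdtool' or None for one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group("target"))
    path = normalise(url.path).lower()
    if path == RDTOOL_CGI:
        return "rdtool"
    if path != LOGIN_CGI:
        return None
    for src in parse_qs(url.query, keep_blank_values=True).get("src", []):
        # Match ".." only as a whole path segment, so "a..b.html" is not flagged.
        if ".." in re.split(r"[/\\]", normalise(src)):
            return "traversal"
    return None


def scan(lines):
    """Return (client, finding) for every line that matches a rule."""
    return [(l.split()[0], f) for l in lines if (f := classify(l))]


# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Aug/2016:10:00:01 +0000] "GET /cgi-bin/login.cgi?lang=en&src=../../../../etc/shadow HTTP/1.1" 200 812',
    '192.0.2.11 - - [03/Aug/2016:10:00:05 +0000] "GET /cgi-bin/login.cgi?lang=en&src=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 200 812',
    '198.51.100.7 - - [03/Aug/2016:10:01:00 +0000] "GET /cgi-bin/login.cgi?lang=en&src=index.html HTTP/1.1" 200 2048',
    '198.51.100.7 - - [03/Aug/2016:10:01:02 +0000] "GET /cgi-bin/login.cgi?lang=en&src=a..b.html HTTP/1.1" 200 2048',
    '203.0.113.5 - - [03/Aug/2016:10:02:00 +0000] "GET /cgi-bin/login_rdtool.cgi HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Because the AM-100 is an appliance, this kind of filter normally runs against logs from a reverse proxy or network sensor in front of it rather than on the device itself.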
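CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |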
- http://www.kb.cert.org/vuls/id/603047
- http://www.securityfocus.com/bid/92216
- https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-001.md
- https://www.exploit-db.com/exploits/40813/