CVE-2017-15647
published 2017-10-19CVE-2017-15647: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
PriorityP261high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
26.62%
97.8th percentile
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts by monitoring HTTP GET requests to /cgi-bin/webproc containing both 'getpage=' pointing to sensitive files (e.g., /etc/passwd, /etc/shadow) and 'var:page=wizardfifth' in the query string. ↗
- →A successful exploitation response will return HTTP 200 and contain the string matching 'root:.*:0:0:' in the body, indicating /etc/passwd contents were disclosed. ↗
- →The crafted var:page value 'wizardfifth' is a consistent attacker-controlled parameter used to bypass input validation in conjunction with directory traversal via getpage. ↗
- ·No vendor patch or workaround is available; FiberHome did not respond to repeated disclosure attempts, leaving all affected devices exposed. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
FiberHome - Directory Traversal
exploitdb·2017-10-13·CVSS 7.5
CVE-2017-15647 [HIGH] FiberHome - Directory Traversal
FiberHome - Directory Traversal
---
## Vulnerability Summary
The following advisory describes a directory traversal vulnerability found in FiberHome routers.
FiberHome Technologies Group “was established in 1974. After continuous and intensive development for over 40 years, its business has been extended to R&D, manufacturing, marketing & sales, engineering service, in 4 major areas: fiber-optic communications, data networking communications, wireless communication, and intelligentizing applications. In particular, it has been providing end-to- end solutions integrated with opto-electronic devices, opticpreforms, fiber & cables, and optical communication systems to many countries around the world.”
## Credit
An independent security researcher has reported this vulnerability to Beyond S
Nuclei
FiberHome Routers - Local File Inclusion
nuclei·CVSS 7.5
CVE-2017-15647 [HIGH] FiberHome Routers - Local File Inclusion
FiberHome Routers - Local File Inclusion
FiberHome routers are susceptible to local file inclusion in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
Template:
id: CVE-2017-15647
info:
name: FiberHome Routers - Local File Inclusion
author: daffainfo
severity: high
description: FiberHome routers are susceptible to local file inclusion in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
impact: |
An attacker can exploit this vulnerability to read sensitive files on the system, potentially leading to unauthorized access or information disclosure.
remediation: |
Apply the latest firmware update provided by FiberHome to fix the LFI vulnerability.
reference:
- https://www.exploit-db.com/exploits/44054
- https://
No writeups or analysis indexed.
2017-10-19
Published