cbcvebase.
CVE-2018-14916
published 2019-06-28

CVE-2018-14916: LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.

PriorityP269critical9.1CVSS 3.0
AVNACLPRNUINSUCNIHAH
EXPLOIT
EPSS
17.20%
96.7th percentile
LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.

Affected

1 ranges
VendorProductVersion rangeFixed in
loyteclgate-902_firmware< 6.4.26.4.2

Detection & IOCsextracted from sources · hover to see the quote

url/webui/file_guest?path=/var/www/documentation/../../../../../etc/passwd&flags=1152
path/webui/file_guest
  • Send a GET request to /webui/file_guest with a path parameter containing a directory traversal sequence targeting /etc/passwd; a 200 response containing 'root:[x*]:0:0' confirms exploitation.
  • The traversal payload uses /var/www/documentation/ as the base path and escapes five directory levels to reach /etc/passwd; monitor for this pattern in HTTP access logs on LGATE-902 devices.
  • The query parameter 'flags=1152' is consistently present in the exploit request and can serve as an additional detection signal alongside the traversal path.
  • ·The vulnerability affects LOYTEC LGATE-902 devices running firmware version 6.3.2 (NVD) / prior to 6.4.2 (Nuclei template); the exploit path and flags value may differ on other firmware versions.
  • ·The Nuclei template targets unauthenticated access (PR:N), meaning no credentials are required; detections should cover unauthenticated GET requests to /webui/file_guest.

CVSS provenance

nvdv3.09.1CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvdv2.09.4CRITICALAV:N/AC:L/Au:N/C:N/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.