CVE-2018-14916
published 2019-06-28CVE-2018-14916: LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.
PriorityP269critical9.1CVSS 3.0
AVNACLPRNUINSUCNIHAH
EXPLOIT
EPSS
17.20%
96.7th percentile
LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| loytec | lgate-902_firmware | < 6.4.2 | 6.4.2 |
Detection & IOCsextracted from sources · hover to see the quote
- →Send a GET request to /webui/file_guest with a path parameter containing a directory traversal sequence targeting /etc/passwd; a 200 response containing 'root:[x*]:0:0' confirms exploitation. ↗
- →The traversal payload uses /var/www/documentation/ as the base path and escapes five directory levels to reach /etc/passwd; monitor for this pattern in HTTP access logs on LGATE-902 devices. ↗
- →The query parameter 'flags=1152' is consistently present in the exploit request and can serve as an additional detection signal alongside the traversal path. ↗
- ·The vulnerability affects LOYTEC LGATE-902 devices running firmware version 6.3.2 (NVD) / prior to 6.4.2 (Nuclei template); the exploit path and flags value may differ on other firmware versions. ↗
- ·The Nuclei template targets unauthenticated access (PR:N), meaning no credentials are required; detections should cover unauthenticated GET requests to /webui/file_guest. ↗
CVSS provenance
nvdv3.09.1CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvdv2.09.4CRITICALAV:N/AC:L/Au:N/C:N/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Loytec LGATE-902 <6.4.2 - Local File Inclusion
nuclei·CVSS 9.1
CVE-2018-14916 [CRITICAL] Loytec LGATE-902 <6.4.2 - Local File Inclusion
Loytec LGATE-902 <6.4.2 - Local File Inclusion
Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion vulnerability.
Template:
id: CVE-2018-14916
info:
name: Loytec LGATE-902 <6.4.2 - Local File Inclusion
author: 0x_Akoko
severity: critical
description: Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion vulnerability.
impact: |
An attacker can exploit this vulnerability to read sensitive files on the device.
remediation: |
Upgrade the Loytec LGATE-902 device to version 6.4.2 or later to mitigate the vulnerability.
reference:
- https://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html
- https://nvd.nist.gov/vuln/detail/CVE-2018-14916
- http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Tra
http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.htmlhttp://seclists.org/fulldisclosure/2019/Apr/12https://seclists.org/fulldisclosure/2019/Apr/12http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.htmlhttp://seclists.org/fulldisclosure/2019/Apr/12https://seclists.org/fulldisclosure/2019/Apr/12
2019-06-28
Published