CVE-2018-14918
published 2019-06-28

CVE-2018-14918: LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.

Priority: P1 · 80 · high  |  CVSS 3.0: 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 17.98% (96.8th percentile)

Affected

1 range

Vendor   Product              Version range   Fixed in
loytec   lgate-902_firmware   < 6.4.2         6.4.2

Detection & IOCs (extracted from sources)

url: /webui/file_guest?path=/var/www/documentation/../../../../../etc/passwd&flags=1152
path: /webui/file_guest
  • Shodan fingerprinting: search for devices exposing "LGATE-902" in the HTTP HTML body to identify candidate targets
  • FOFA fingerprinting: search for devices with 'lgate-902' in the HTTP body
  • The exploit is a single HTTP GET to /webui/file_guest with a path traversal sequence in the path parameter and flags=1152; an HTTP 200 response whose body matches 'root:.*:0:0:' confirms that /etc/passwd was read. A 200 on its own is not confirmation; match the body.
  • The traversal payload anchors at /var/www/documentation and uses five ../ sequences to reach the filesystem root before targeting /etc/passwd. Only three are needed to climb out of that directory; the extra two are harmless because the parent of / is /, so detections should not key on an exact count of ../ segments.
  • The vulnerability is reported against LOYTEC LGATE-902 firmware version 6.3.2 specifically (the affected range above is < 6.4.2); verify the firmware version before acting on detections
  • The file-read endpoint is unauthenticated (PR:N, UI:N per CVSS), so no credentials are required to exploit it over the network
  • Beyond /etc/passwd, the traversal can read any file the web server process can access, including configuration files outside the web root that store usernames and passwords
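The three IOCs above (the traversal in the path parameter, the fact that extra ../ segments collapse at /, and the 'root:.*:0:0:' body check) can be turned into an offline detector that runs over web-server access logs. The following is an added example, not code from the page, from LOYTEC, or from any published PoC. It assumes the device (or a reverse proxy in front of it) writes combined-format access lines; the LGATE-902's actual log format is not given on this page, and the sample lines are constructed for the example.

```python
import re
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and response signature quoted in the IOC section of the advisory.
FILE_GUEST_PATH = "/webui/file_guest"
DOC_ROOT = "/var/www/documentation"        # directory the known payload anchors from
PASSWD_RE = re.compile(r"root:.*:0:0:")    # the /etc/passwd confirmation regex

# Combined log format (assumption: the real device log format is not on the page).
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)


def resolve_path_param(value: str) -> str:
    """Collapse ../ segments the way the server's filesystem will.
    ../ above / is a no-op, so five of them from DOC_ROOT (three levels deep)
    still resolve to /etc/passwd, exactly like three would."""
    return posixpath.normpath(unquote(value))


def escapes_doc_root(value: str) -> bool:
    """True when the path= value resolves to somewhere outside DOC_ROOT."""
    resolved = resolve_path_param(value)
    return not (resolved == DOC_ROOT or resolved.startswith(DOC_ROOT + "/"))


def detect_traversal(line: str):
    """Return a finding for an access-log line that hits /webui/file_guest with a
    path= value escaping the documentation root; None for anything else."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != FILE_GUEST_PATH:
        return None
    # Decode once before parse_qs (which decodes again) so %2e%2e%2f and
    # double-encoded %252e variants are normalised before the check.
    qs = parse_qs(unquote(parts.query), keep_blank_values=True)
    for raw in qs.get("path", []):
        if escapes_doc_root(raw):
            return {
                "ip": m.group("ip"),
                "status": int(m.group("status")),
                "resolved": resolve_path_param(raw),
                # A 200 is only a hint; the body must match PASSWD_RE to confirm.
                "likely_success": m.group("status") == "200",
            }
    return None


def confirm_passwd_read(body: str) -> bool:
    """Body check from the PoC: a root entry with uid 0 and gid 0."""
    return PASSWD_RE.search(body) is not None


def scan_log(lines):
    """Run the detector over a list of access-log lines, keeping only findings."""
    return [f for f in (detect_traversal(l) for l in lines) if f]


# Constructed sample log: the published payload, an encoded variant aimed at
# /etc/shadow that was refused, a legitimate documentation fetch, and noise.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Jun/2019:10:01:02 +0000] "GET /webui/file_guest'
    '?path=/var/www/documentation/../../../../../etc/passwd&flags=1152 HTTP/1.1" 200 1432',
    '203.0.113.5 - - [28/Jun/2019:10:01:05 +0000] "GET /webui/file_guest'
    '?path=%2Fvar%2Fwww%2Fdocumentation%2F%2e%2e%2F%2e%2e%2F%2e%2e%2Fetc%2Fshadow'
    '&flags=1152 HTTP/1.1" 403 0',
    '198.51.100.7 - - [28/Jun/2019:10:02:00 +0000] "GET /webui/file_guest'
    '?path=/var/www/documentation/manual.pdf&flags=1152 HTTP/1.1" 200 52211',
    '198.51.100.7 - - [28/Jun/2019:10:02:30 +0000] "GET /webui/login HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The detector deliberately keys on where the path resolves rather than on the literal five-segment payload, so a three-segment or URL-encoded variant is caught as well; confirm_passwd_read is what a scanner would apply to the response body, since a 200 status on its own is not proof the file was served.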

CVSS provenance

NVD v3.0:   7.5 HIGH   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD v2.0:   7.8 HIGH   AV:N/AC:L/Au:N/C:C/I:N/A:N
VulnCheck:  7.5 HIGH