CVE-2018-14918
published 2019-06-28CVE-2018-14918: LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.
PriorityP180high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
17.98%
96.8th percentile
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| loytec | lgate-902_firmware | < 6.4.2 | 6.4.2 |
Detection & IOCsextracted from sources · hover to see the quote
- →Shodan fingerprinting: search for devices exposing LGATE-902 in HTTP HTML body to identify vulnerable targets ↗
- →FOFA fingerprinting: search for devices with 'lgate-902' in HTTP body ↗
- →Exploit uses HTTP GET to /webui/file_guest with a path traversal sequence and flags=1152 parameter; a successful response (HTTP 200) with 'root:.*:0:0:' in the body confirms /etc/passwd read ↗
- →The traversal payload anchors from /var/www/documentation and uses five ../ sequences to reach filesystem root before targeting /etc/passwd ↗
- ·Vulnerability affects LOYTEC LGATE-902 firmware version 6.3.2 specifically; verify firmware version before applying detections ↗
- ·The LFI endpoint is unauthenticated (PR:N, UI:N per CVSS), meaning no credentials are required to exploit it over the network ↗
- ·Beyond /etc/passwd, the vulnerability can be used to read arbitrary configuration files containing usernames and passwords stored outside the web root ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:C/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3vf7-8mpc-5rrc: LOYTEC LGATE-902 6
ghsa_unreviewed·2022-05-24
CVE-2018-14918 [HIGH] CWE-22 GHSA-3vf7-8mpc-5rrc: LOYTEC LGATE-902 6
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.
VulnCheck
loytec lgate-902_firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2018·CVSS 7.5
CVE-2018-14918 [HIGH] loytec lgate-902_firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
loytec lgate-902_firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.
Affected: loytec lgate-902_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-26&host_type=src&vulnerability=cve-2018-14918; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-11&host_type=src&vulnerability=cve-2018-14918; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-25&host_type=src&vulnerability=cve-2018-14918; https://dashboard
No detection rules found.
Nuclei
LOYTEC LGATE-902 6.3.2 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2018-14918 [HIGH] LOYTEC LGATE-902 6.3.2 - Local File Inclusion
LOYTEC LGATE-902 6.3.2 - Local File Inclusion
LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories (including critical system files) that are stored outside the root folder of the web application running on the device. This can be used to read and configuration files containing, e.g., usernames and passwords.
Template:
id: CVE-2018-14918
info:
name: LOYTEC LGATE-902 6.3.2 - Local File Inclusion
author: 0x_Akoko
severity: high
description: |
LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories (including critical system files) that are stored outside the root folder of the web applicati
http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.htmlhttp://seclists.org/fulldisclosure/2019/Apr/12https://seclists.org/fulldisclosure/2019/Apr/12http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.htmlhttp://seclists.org/fulldisclosure/2019/Apr/12https://seclists.org/fulldisclosure/2019/Apr/12
2019-06-28
Published
Exploited in the wild