CVE-2023-25289
Published 2023-05-04
Priority: P2 · 58 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 7.69% (93.8th percentile)
Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| virtualreception | digital_reciptie | — | — |
Detection & IOCs (extracted from sources)
- Detect directory traversal attempts by monitoring HTTP GET requests containing Windows absolute path patterns (e.g., '/c:/' or '/C:/') in the URI, which are characteristic of this vulnerability's exploitation pattern.
- Monitor for HTTP GET requests targeting sensitive Chrome credential files via path traversal: 'Login Data', 'Cookies', and 'Local State' under the 'receptie' user profile.
- Monitor for unauthenticated HTTP GET requests to '/visitors.csv' on Virtual Reception appliances, which exposes visitor registration logs.
- Use Shodan favicon hash 656388049 to identify exposed Virtual Reception appliances on the internet for asset discovery and attack surface monitoring.
- The vulnerability is unauthenticated; no session token or credential is required. Any HTTP GET request with a Windows absolute path in the URI should be treated as a traversal attempt.
- The traversal works by appending Windows absolute paths directly to the server root URL (e.g., '/c:/...'), not via classic '../' sequences. Detection rules must account for this Windows drive-letter path injection pattern.
- The affected appliance runs on Windows 7 SP1 (win7sp1_rtm.101119-1850 6.1.7601.1.0.65792) on Intel NUC5i5RY hardware; detections should be scoped to this platform context.
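The detection points above can be combined into one log check. The following is an added example, not a rule from the sources this page indexes: it assumes requests to the appliance are recorded in combined access-log format by a proxy or sensor in front of it, and the log lines, IP addresses and `PLACEHOLDER` path segments are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Windows drive-letter path appended directly to the server root ('/c:/', '/C:/').
DRIVE_PATH = re.compile(r"^/[A-Za-z]:/")
# Chrome credential stores named in the detection notes (compared lower-case).
CHROME_FILES = ("login data", "cookies", "local state")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>.+?) HTTP/[\d.]+"')

# Constructed sample lines; PLACEHOLDER stands in for real directory names.
SAMPLE_LOG = [
    '203.0.113.5 - - [04/May/2023:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.5 - - [04/May/2023:10:00:02 +0000] "GET /c:/PLACEHOLDER/receptie/PLACEHOLDER/Login%20Data HTTP/1.1" 200 40960',
    '203.0.113.5 - - [04/May/2023:10:00:03 +0000] "GET /C%3A/PLACEHOLDER/file.txt HTTP/1.1" 200 10',
    '198.51.100.7 - - [04/May/2023:10:00:04 +0000] "GET /visitors.csv HTTP/1.1" 200 2048',
]

def classify(log_line):
    """Return finding tags for one access-log line (empty list if clean)."""
    m = REQUEST.search(log_line)
    if not m or m.group("method") != "GET":
        return []
    # Drop the query string, then decode percent-encoding and normalise
    # backslashes so encoded ':' or ' ' characters do not hide the pattern.
    path = unquote(m.group("uri").split("?", 1)[0]).replace("\\", "/")
    lowered = path.lower()
    findings = []
    if DRIVE_PATH.match(path):
        findings.append("drive-letter-path")
        # Escalate when the target is a Chrome credential file of 'receptie'.
        if "/receptie/" in lowered and lowered.rsplit("/", 1)[-1] in CHROME_FILES:
            findings.append("chrome-credential-file")
    if lowered == "/visitors.csv":
        findings.append("visitor-log-access")
    return findings

def scan(lines):
    """Map line index -> findings for every line that triggered a rule."""
    return {i: f for i, line in enumerate(lines) if (f := classify(line))}

if __name__ == "__main__":
    for index, tags in scan(SAMPLE_LOG).items():
        print(index, ",".join(tags))
```

Because the issue is unauthenticated, the check does not look at cookies or session headers; any GET whose decoded path starts with a drive letter is reported.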
No detection rules found.
No writeups or analysis indexed.