PT-2001-2010 · Leoboard · Leoboard Lb5000

Published

2001-11-22

Updated

2016-10-18

CVE-2001-0842

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Leoboard LB5000 and LB5000II versions 1029 and earlier

Description A directory traversal issue exists in the Search.cgi component, allowing remote attackers to overwrite files and gain privileges. This is achieved by using .. (dot dot) sequences in the amembernamecookie cookie.

Recommendations For versions 1029 and earlier, consider restricting access to the Search.cgi component until a fix is available. As a temporary workaround, avoid using the amembernamecookie cookie in the Search.cgi endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0842

Affected Products

Leoboard Lb5000

PT-2001-2010 · Leoboard · Leoboard Lb5000

CVE-2001-0842

Related Identifiers

Affected Products

References · 4