PT-2012-5156 · Wangkongbao · Wangkongbao Cns-1000+1

Dillon Beresford · Published 2012-07-17 · Updated 2017-08-29 · CVE-2012-4031

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Wangkongbao CNS-1000 and 1100

Description: Multiple directory traversal vulnerabilities allow remote attackers to read arbitrary files. The attack is performed by including a .. (dot dot) sequence in the lang or langid cookie of a request sent to port 85.

Recommendations: For Wangkongbao CNS-1000 and 1100, restrict access to the acloglogin.php file until a patch is available. As a temporary workaround, consider filtering out .. (dot dot) sequences from the lang and langid cookies to prevent directory traversal attacks.

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2012-4031

Affected Products

Wangkongbao Cns-1000
Wangkongbao Cns-1100