PT-2020-7730 · Farlinx · Farlinx X25 Gateway

Eldar Marcussen

Published

2020-06-01

Updated

2020-06-02

CVE-2014-7175

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions FarLinX X25 Gateway versions through 2014-09-25

Description The issue allows attackers to write arbitrary data to fsUI.xyz via the fsSaveUIPersistence.php endpoint. This can be exploited by sending malicious data to the fsSaveUIPersistence.php endpoint, potentially leading to unauthorized access or data modification.

Recommendations For FarLinX X25 Gateway versions through 2014-09-25, consider restricting access to the fsSaveUIPersistence.php endpoint until a fix is available. As a temporary workaround, avoid using the fsSaveUIPersistence.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2014-7175

Affected Products

Farlinx X25 Gateway

PT-2020-7730 · Farlinx · Farlinx X25 Gateway

CVE-2014-7175

Weakness Enumeration

Related Identifiers

Affected Products

References · 3