CVE-2022-4982
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (frame.html and frame.A100.html) that accept a path parameter (content or sidebar) which is not properly validated or canonicalized. An attacker can supply directory-traversal sequences to cause the server to read and return arbitrary filesystem files that the webserver user can access. Other GoIP models and firmware versions are likely affected. Exploitation evidence was observed by the Shadowserver Foundation on 2024-03-21 UTC.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| DBL Technology (DBLTek) | GoIP-1 | 0 <= GHSFVT-1.1-67-5 | affected |
Weaknesses
- CWE-98: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
Additional References
References
- https://shufflingbytes.com/posts/hacking-goip-gsm-gateway/
- https://www.exploit-db.com/exploits/50775
- http://www.dbltek.com/
- https://www.vulncheck.com/advisories/dbltek-goip-unauthenticated-lfi
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.