avm fritz!dsl igd control service 2.2.29 - Directory Traversal Information Disclosure
| EKU-ID: 34650 | CVE: CVE-2007-0357;OSVDB-32866 | OSVDB-ID: |
| Author: DPR | Published: 2007-01-17 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 34650 | CVE: CVE-2007-0357;OSVDB-32866 | OSVDB-ID: |
| Author: DPR | Published: 2007-01-17 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/22093/info The AVM Fritz!DSL IGD Control Service is prone to a remote information-disclosure vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue allows remote, unauthenticated attackers to retrieve the contents of arbitrary files from vulnerable computers with SYSTEM-level privileges. Information harvested may aid in further attacks. http://www.example.com:49001/..%5C..%5C..%5Cwindows%5Csystem.ini