ID
VAR-E-201004-1520
TITLE
Iomega Home Media Network Hard Drive 'smbwebclient.php' Authentication Bypass Vulnerability
Trust: 0.3
DESCRIPTION
Iomega Home Media Network Hard Drive is prone to an authentication-bypass vulnerability.
Attackers can leverage this issue to gain full browser-based read/write access to any visible shares on the device itself or the rest of the device's local network without proper authentication. Successful exploits may lead to other attacks.
This issue affects the Iomega Home Media Network Hard Drive Firmware versions 2.038 - 2.061.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | iomega | model: | home media network hard drive | scope: | eq | version: | 2.061 | Trust: 0.3 |
| vendor: | iomega | model: | home media network hard drive | scope: | eq | version: | 2.038 | Trust: 0.3 |
| vendor: | iomega | model: | home media network hard drive | scope: | ne | version: | 2.063 | Trust: 0.3 |
EXPLOIT
Attackers may launch attacks through a browser.
The following example URIs are available:
http://www.example.com/cgi-bin/smbwebclient.php?path=WORKGROUP%2F[DEVICE NAME]
http://www.example.com/cgi-bin/smbwebclient.php
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Access Validation Error
Trust: 0.3
CREDITS
fizix610
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 39474 | Trust: 0.3 |
REFERENCES
| url: | https://iomega-na-en.custhelp.com/cgi-bin/iomega_na_en.cfg/php/enduser/std_adp.php?p_faqid=21149&p_created=1231204221&p_sid=adbeoozj&p_accessibility=&p_redirect=&p_lva=&p_sp=cf9zcmnopszwx3nvcnrfynk9jn | Trust: 0.3 |
| url: | http://www.iomega.com/global_landing.html | Trust: 0.3 |
SOURCES
| db: | BID | id: | 39474 |
LAST UPDATE DATE
2022-07-27T09:38:33.236000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 39474 | date: | 2010-04-14T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 39474 | date: | 2010-04-14T00:00:00 |