Details of VAR-200610-0090

ID

VAR-200610-0090

CVE

CVE-2006-5607

TITLE

INCA IM-204 of /cgi-bin/webcm Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2006-002339

DESCRIPTION

Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 allows remote attackers to read arbitrary files via a "/./." (modified dot dot) sequences in the getpage parameter. INCA IM-204 devices are prone to a remote information-disclosure vulnerability because the devices fail to properly sanitize user-supplied input. Exploiting this issue allows remote, unauthenticated attackers to gain access to potentially sensitive configuration information from affected devices. This may aid them in further attacks. This BID may be related to BID 20689; the issues are very similar in nature. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: http://corporate.secunia.com/products/48/?r=l Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l ---------------------------------------------------------------------- TITLE: INCA IM-204 "getpage" Parameter Information Disclosure SECUNIA ADVISORY ID: SA22557 VERIFY ADVISORY: http://secunia.com/advisories/22557/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: >From local network OPERATING SYSTEM: INCA IM-204 http://secunia.com/product/12440/ DESCRIPTION: Crackers_Child has reported a vulnerability in INCA IM-204, which can be exploited by malicious people to disclose potential sensitive information. Input passed to the "getpage" parameter in cgi-bin/webcm is not properly verified before being used. This can be exploited to disclose the content of certain files via directory traversal attacks. SOLUTION: Use the device only in a trusted network. PROVIDED AND/OR DISCOVERED BY: Crackers_Child ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-5607 // JVNDB: JVNDB-2006-002339 // BID: 20696 // VULHUB: VHN-21715 // PACKETSTORM: 51362

AFFECTED PRODUCTS

vendor:	inca	model:	im-204 adsl router	scope:	eq	version:	*	Trust: 1.0
vendor:	inca internet	model:	im-204 adsl router	scope:	-	version:	-	Trust: 0.8
vendor:	inca	model:	im-204 adsl router	scope:	-	version:	-	Trust: 0.6
vendor:	inca	model:	im-204 adsl router	scope:	eq	version:	0	Trust: 0.3

sources: BID: 20696 // JVNDB: JVNDB-2006-002339 // CNNVD: CNNVD-200610-525 // NVD: CVE-2006-5607

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-5607
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2006-5607
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200610-525
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-21715
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-5607
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-21715
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-21715 // JVNDB: JVNDB-2006-002339 // CNNVD: CNNVD-200610-525 // NVD: CVE-2006-5607

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5607

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200610-525

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200610-525

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002339

PATCH

title:

Top page

url:

http://www.incatech.net/

Trust: 0.8

sources: JVNDB: JVNDB-2006-002339

EXTERNAL IDS

db:	NVD	id:	CVE-2006-5607	Trust: 2.5
db:	BID	id:	20696	Trust: 2.0
db:	SECUNIA	id:	22557	Trust: 1.8
db:	VUPEN	id:	ADV-2006-4223	Trust: 1.7
db:	SREASON	id:	1796	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-002339	Trust: 0.8
db:	CNNVD	id:	CNNVD-200610-525	Trust: 0.7
db:	BUGTRAQ	id:	20061023 INCA IM-204 DSL SEVERAL VULNERABILITIES	Trust: 0.6
db:	XF	id:	29815	Trust: 0.6
db:	VULHUB	id:	VHN-21715	Trust: 0.1
db:	PACKETSTORM	id:	51362	Trust: 0.1

sources: VULHUB: VHN-21715 // BID: 20696 // JVNDB: JVNDB-2006-002339 // PACKETSTORM: 51362 // CNNVD: CNNVD-200610-525 // NVD: CVE-2006-5607

REFERENCES

url:	http://www.securityfocus.com/bid/20696/info	Trust: 1.7
url:	http://secunia.com/advisories/22557	Trust: 1.7
url:	http://securityreason.com/securityalert/1796	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/449504/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/4223	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/29815	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5607	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5607	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/29815	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/449504/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/4223	Trust: 0.6
url:	/archive/1/449504	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://corporate.secunia.com/products/48/?r=l	Trust: 0.1
url:	http://secunia.com/product/12440/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/22557/	Trust: 0.1
url:	http://corporate.secunia.com/how_to_buy/15/?r=l	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-21715 // BID: 20696 // JVNDB: JVNDB-2006-002339 // PACKETSTORM: 51362 // CNNVD: CNNVD-200610-525 // NVD: CVE-2006-5607

CREDITS

Discovery is credited to Crackers_Child.

Trust: 0.9

sources: BID: 20696 // CNNVD: CNNVD-200610-525

SOURCES

db:	VULHUB	id:	VHN-21715
db:	BID	id:	20696
db:	JVNDB	id:	JVNDB-2006-002339
db:	PACKETSTORM	id:	51362
db:	CNNVD	id:	CNNVD-200610-525
db:	NVD	id:	CVE-2006-5607

LAST UPDATE DATE

2024-08-14T14:29:05.709000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-21715	date:	2018-10-17T00:00:00
db:	BID	id:	20696	date:	2006-10-24T23:33:00
db:	JVNDB	id:	JVNDB-2006-002339	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200610-525	date:	2006-10-31T00:00:00
db:	NVD	id:	CVE-2006-5607	date:	2018-10-17T21:43:55.660

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-21715	date:	2006-10-30T00:00:00
db:	BID	id:	20696	date:	2006-10-23T00:00:00
db:	JVNDB	id:	JVNDB-2006-002339	date:	2012-09-25T00:00:00
db:	PACKETSTORM	id:	51362	date:	2006-10-27T18:39:08
db:	CNNVD	id:	CNNVD-200610-525	date:	2006-10-30T00:00:00
db:	NVD	id:	CVE-2006-5607	date:	2006-10-30T23:07:00