File Path Traversal

05 Jan 2018

Cambium Network Updater Tool (CNUT) – Unauthenticated File Path Traversal

Cambium Network Updater Tool (CNUT) - File Path Traversal

This 0-day report was submitted to Cambium via Beyond Trust's SSD program and resolved back in November 2017. Forgot to push this out. Publishing the report now.

Cambium Network Updater Tool (CNUT) - Official Cambium software tool to manage Cambium Devices

The Network Updater Tool is a free-of-charge tool that applies packages to upgrade the device types listed as supported in the release notes for the release you are using. Because this tool is available, an operator does not need to visit each module in the network, or even each AP where they would otherwise use the SM Autoupdate capability of the radios.

Vulnerable versions – 4.11.2 (current at the time of reporting)

Fixed - versions > 4.11.2

Vulnerability Summary
It is possible for an unauthenticated user to read arbitrary files from the file system.

Read on for details.


25 Mar 2017

[ICS] LAquis SCADA Path Traversal Vulnerability

ICS-CERT published a new advisory on one of my reports recently –
https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01

LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA Access Control Vulnerability
Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME
Equipment: LAquis SCADA
Vulnerability: Path Traversal

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01

CVE-ID
CVE-2017-6020

Read on for details.
