Introducing Our New Forum and New Mods to You
Floodlight PoE/Wifi APP & Working Modes Tips
Duo 2 Firmware Update and Tips: Better AI Detection & Email Alerts Learn More
New Client with Time-Lapse Function and Hardware Decoding Learn More
15% OFF for RLK16-1200B8/D8 Learn More
Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.
Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).
Could you please fix the following? you can easily get at root with this and I've verified.HIGHGoAhead Embedded Web Server websNormalizeUriPath() Directory Traversal VulnerabilityDescriptionThe remote GoAhead embedded web server is affected by a directory traversal vulnerability due to a flaw in the websNormalizeUriPath() function. A remote, unauthenticated attacker can exploit this flaw to obtain arbitrary files on the affected host.The flaw that allows the directory traversal may also be used to perform a heap-based buffer overflow, potentially allowing code execution or a denial of service condition.SolutionContact the vendor of the device running the GoAhead embedded web server for a fixed version.See Alsohttp://www.nessus.org/u?a935864fhttp://seclists.org/oss-sec/2015/q1/1028OutputNessus was able to exploit the issue to retrieve the contents of'/etc/passwd' using the following request :
I can't put the rest of the article because your forum thinks I'm putting in forbidden data that could crash the site. Just read the link from nessus. THanks
Hi Aniehues,Gohead does have this security risk. so we changed to Njnix two months ago. pls visit our website to get the latest firmware.
Welcome Back!
Hi there! Join the Commnunity to get all the latest news, tips and more!