    security hole...bad one.

    • Guest
      Anonymous last edited by

      Could you please fix the following? You can easily get at root with this, and I've verified.

      HIGH: GoAhead Embedded Web Server websNormalizeUriPath() Directory Traversal Vulnerability
      Description

      The remote GoAhead embedded web server is affected by a directory traversal vulnerability due to a flaw in the websNormalizeUriPath() function. A remote, unauthenticated attacker can exploit this flaw to obtain arbitrary files on the affected host.

      The flaw that allows the directory traversal may also be used to perform a heap-based buffer overflow, potentially allowing code execution or a denial of service condition.
      Solution

      Contact the vendor of the device running the GoAhead embedded web server for a fixed version.
      See Also

      http://www.nessus.org/u?a935864f
      http://seclists.org/oss-sec/2015/q1/1028
      Output
      Nessus was able to exploit the issue to retrieve the contents of
      '/etc/passwd' using the following request :

      • Guest
        Anonymous last edited by

        I can't put the rest of the article because your forum thinks I'm putting in forbidden data that could crash the site. Just read the link from Nessus. Thanks

        • Guest
          Anonymous last edited by

          Hi Aniehues,

          GoAhead does have this security risk, so we changed to Nginx two months ago. Please visit our website to get the latest firmware.

            • user_731045746307225_731045746307225
              formerberserk @Anonymous last edited by

              @drift hunters I can't finish my post since your forum has warned me that using the following code might cause the server to crash. Follow Nessus's link and find out. Thanks

              • joseph_1979
                Joseph Global Moderator @formerberserk last edited by

                @user_731045746307225_731045746307225 What is your issue?

              • dariaamanda769_610618740904624
                dariaamanda769 last edited by

                This post is deleted!