Product Roadmap: What's Coming Next Learn More
How ColorX Technology Turn Night into Day Learn More
Reolink App v4.41 Released Learn More
Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.
Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).
Could you please fix the following? you can easily get at root with this and I've verified.HIGHGoAhead Embedded Web Server websNormalizeUriPath() Directory Traversal VulnerabilityDescriptionThe remote GoAhead embedded web server is affected by a directory traversal vulnerability due to a flaw in the websNormalizeUriPath() function. A remote, unauthenticated attacker can exploit this flaw to obtain arbitrary files on the affected host.The flaw that allows the directory traversal may also be used to perform a heap-based buffer overflow, potentially allowing code execution or a denial of service condition.SolutionContact the vendor of the device running the GoAhead embedded web server for a fixed version.See Alsohttp://www.nessus.org/u?a935864fhttp://seclists.org/oss-sec/2015/q1/1028OutputNessus was able to exploit the issue to retrieve the contents of'/etc/pa*swd' using the following request :
I can't put the rest of the article because your forum thinks I'm putting in forbidden data that could crash the site. Just read the link from nessus. THanks
Hi Aniehues,Gohead does have this security risk. so we changed to Njnix two months ago. pls visit our website to get the latest firmware.
Welcome Back!
Hi there! Join the Commnunity to get all the latest news, tips and more!