Описание
An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:lg:gamp-7100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:gamp-7100:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:lg:gapm-7200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:gapm-7200:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:lg:gapm-8000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:gapm-8000:-:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00805
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log.
EPSS
Процентиль: 74%
0.00805
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306