Sign-up

ID

VAR-201105-0313


TITLE

Vordel Gateway Directory Traversal Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2011-1999 // BID: 47975

DESCRIPTION

The Vordel XML gateway is an XML gateway device. There is a problem with the Vordel XML gateway management interface. A remote attacker can send a URL request for a directory traversal sequence to port 8090, bypassing the WEB ROOT limit, and gain access to passwords and configuration files. Vordel Gateway is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. A remote attacker could exploit this vulnerability using directory-traversal strings (such as '../') to gain access to arbitrary files on the targeted system. This may result in the disclosure of sensitive information or lead to a complete compromise of the affected computer. Vordel Gateway 6.0.3 is vulnerable; other versions may also be affected

Trust: 0.81

sources: CNVD: CNVD-2011-1999 // BID: 47975

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2011-1999

AFFECTED PRODUCTS

vendor:vordelmodel:limited vordel gatewayscope:eqversion:6.0.3

Trust: 0.9

vendor:vordelmodel:limited vordel gatewayscope:neversion:6.1

Trust: 0.3

sources: CNVD: CNVD-2011-1999 // BID: 47975

THREAT TYPE

network

Trust: 0.3

sources: BID: 47975

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 47975

PATCH

title:Vordel Gateway directory traversal vulnerability patchurl:https://www.cnvd.org.cn/patchinfo/show/3963

Trust: 0.6

sources: CNVD: CNVD-2011-1999

EXTERNAL IDS

db:BIDid:47975

Trust: 0.9

db:CNVDid:CNVD-2011-1999

Trust: 0.6

sources: CNVD: CNVD-2011-1999 // BID: 47975

REFERENCES

url:https://www.upsploit.com/index.php/advisories/view/ups-2011-0023

Trust: 0.9

url:http://www.vordel.com/

Trust: 0.3

sources: CNVD: CNVD-2011-1999 // BID: 47975

CREDITS

Brian W. Gary

Trust: 0.3

sources: BID: 47975

SOURCES

db:CNVDid:CNVD-2011-1999
db:BIDid:47975

LAST UPDATE DATE

2022-05-17T02:01:22.053000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-1999date:2011-05-26T00:00:00
db:BIDid:47975date:2011-05-25T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2011-1999date:2011-05-26T00:00:00
db:BIDid:47975date:2011-05-25T00:00:00