This is a summary of the AI-generated 10-question deep analysis.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: Directory Traversal in `src/acloglogin.php`. **Consequences**: Remote attackers can read **arbitrary files** on the server via crafted cookies. Critical data exposure risk!
Q2. Root Cause? (CWE/Flaw)
**Root Cause**: Improper input validation of `lang` and `langid` cookies. **Flaw**: Allows `..` (dot-dot) sequences to traverse directories, bypassing intended access controls.
Q3. Who is affected? (Versions/Components)
**Affected**: Wangkongbao CNS-1000 and CNS-1100 versions. **Component**: Specifically the `src/acloglogin.php` script. Check your firmware version immediately!
Q4. What can hackers do? (Privileges/Data)
**Attacker Action**: Read sensitive system files. **Privileges**: Remote, unauthenticated access via port 85. **Data**: Any file accessible to the web server process.
Q5. Is exploitation threshold high? (Auth/Config)
**Threshold**: **LOW**. No authentication required. **Vector**: Remote exploitation via HTTP cookies. Easy to trigger for anyone with network access.
Q6. Is there a public Exp? (PoC/Wild Exploitation)
**Exploit**: **YES**. Public exploits exist (e.g., Exploit-DB #19526). **Wild Exploitation**: High risk due to available PoCs and public advisories.
Q7. How to self-check? (Features/Scanning)
**Self-Check**: Scan for Wangkongbao devices on port 85. **Test**: Send crafted `lang`/`langid` cookies with `..` sequences. **Indicator**: Look for unexpected file content in responses.
Q8. Is it fixed officially? (Patch/Mitigation)
**Fix**: Official patches likely available from Wangkongbao. **Published**: July 2012. **Status**: Legacy vulnerability, but critical if unpatched.
Q9. What if no patch? (Workaround)
**Workaround**: Block external access to port 85. **Mitigation**: Restrict network access to the management interface. Use WAF rules to block `..` in cookies.
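The cookie filter suggested above, sketched as an added example (not vendor code and not part of the original analysis). It goes slightly beyond a literal `..` match by percent-decoding repeatedly and enforcing an allow-list; the function names and the `SAFE_VALUE` pattern are assumptions, and the sample headers in the comments are constructed.

```python
import re
from urllib.parse import unquote

GUARDED = {"lang", "langid"}  # cookie names named in the analysis
# Assumption: a legitimate language value is a short plain token.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")

def parse_cookie_header(header):
    """Split a raw Cookie header into (name, value) pairs, keeping duplicates."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name.strip(), value.strip().strip('"')))
    return pairs

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable, so single- and double-encoded dots are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def cookie_violations(header):
    """Return (name, reason) for each guarded cookie that should be blocked."""
    violations = []
    for name, raw in parse_cookie_header(header):
        # Case-insensitive match is deliberately conservative.
        if name.lower() not in GUARDED:
            continue
        value = fully_decode(raw)
        if ".." in value or "/" in value or "\\" in value or "\x00" in value:
            violations.append((name, "path characters"))
        elif not SAFE_VALUE.fullmatch(value):
            # Also catches values still encoded after max_rounds ('%' remains).
            violations.append((name, "not a plain token"))
    return violations

if __name__ == "__main__":
    # Constructed sample headers: one benign, one encoded dot-dot value.
    for hdr in ("PHPSESSID=abc123; lang=en; langid=1",
                "lang=%2e%2e%2fx; langid=1"):
        print(hdr, "->", cookie_violations(hdr) or "allow")
```

A reverse proxy or WAF hook in front of port 85 would reject any request for which `cookie_violations` returns a non-empty list.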
Q10. Is it urgent? (Priority Suggestion)
**Priority**: **HIGH** for legacy systems. **Urgency**: Critical if exposed to the internet. **Action**: Patch or isolate immediately. Do not ignore!