Dreambox DM800 "file" Arbitrary File Download Vulnerability

ERCOLINO

Secunia Advisory SA45001
Release Date: 2011-06-27

Criticality level: Less critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From local network

Solution Status: Unpatched

Operating System: DreamBox DM800

Description

A vulnerability has been reported in Dreambox DM800, which can be exploited by malicious people to disclose sensitive information.

Input passed via the "file" parameter to the "file" script is not properly verified before being used to download files. This can be exploited to download arbitrary files from local resources via directory traversal sequences.

The vulnerability is reported in firmware version 4.6.0 2009-12-24.

Solution
Use a firewall or proxy to filter malicious requests.



Security Bulletin
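The advisory's only mitigation is to filter malicious requests at a firewall or proxy. The following is an added example, not part of the advisory or of the forum post, of how such a filter could screen the "file" parameter for directory traversal sequences; the way the script is matched in the URL, the decode bound and all sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

SCRIPT_NAME = "file"   # script named in the advisory; its URL prefix is an assumption
PARAM_NAME = "file"    # parameter named in the advisory
MAX_ROUNDS = 5         # hypothetical bound on nested percent-encoding layers

def fully_decode(value):
    """Percent-decode until stable; None if every one of MAX_ROUNDS passes changed it."""
    for _ in range(MAX_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return None

def is_traversal(value):
    """True when a parameter value contains a '..' path segment, a NUL byte,
    or more encoding layers than we are willing to unwrap."""
    decoded = fully_decode(value)
    if decoded is None or "\x00" in decoded:
        return True
    # Treat backslashes as separators so '..\' is not missed.
    return ".." in decoded.replace("\\", "/").split("/")

def should_block(request_target):
    """Decide whether a proxy should reject this request target."""
    parts = urlsplit(request_target)
    last_segment = unquote(parts.path).rstrip("/").rsplit("/", 1)[-1]
    if last_segment != SCRIPT_NAME:
        return False
    params = parse_qsl(parts.query, keep_blank_values=True)
    return any(is_traversal(v) for k, v in params if k == PARAM_NAME)

# Constructed sample request targets (not taken from the advisory).
SAMPLES = [
    "/file?file=recordings/show..final.ts",        # '..' inside a name: allowed
    "/file?file=..%2F..%2Fconstructed.conf",       # encoded separator
    "/file?file=%252e%252e%252fconstructed.conf",  # double-encoded
    "/file?file=..%5C..%5Cconstructed.conf",       # backslash separators
    "/status?file=../constructed.conf",            # different script: ignored
]

if __name__ == "__main__":
    for target in SAMPLES:
        print("BLOCK" if should_block(target) else "ALLOW", target)
```

Matching on whole path segments rather than on the substring `..` keeps legitimate file names that merely contain two dots from being rejected.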
 
Well, sure.
I was asking what that thing is: dm800 is a bit generic, in practice it means all the Linux HD boxes....
 