Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DBLTek GoIP-1 vGHSFVT-1.1-67-5 Unauthenticated LFI
Vulnerability Description
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that accept a path parameter (`content` or `sidebar`) which is not properly validated or canonicalized. An attacker can supply directory-traversal sequences to cause the server to read and return arbitrary filesystem files that the webserver user can access. Other GoIP models and firmware versions are likely affected. Exploitation evidence was observed by the Shadowserver Foundation on 2024-03-21 UTC.
CVSS Information
N/A
Vulnerability Type
PHP程序中Include/Require语句包含文件控制不恰当(PHP远程文件包含)
Vulnerability Title
DBLTek GoIP-1 安全漏洞
Vulnerability Description
DBLTek GoIP-1是中国得伯乐(DBLTek)公司的一个网关设备。 DBLTek GoIP-1 GHSFVT-1.1-67-5及之前版本存在安全漏洞,该漏洞源于本地文件包含问题,可能导致读取任意文件系统文件。
CVSS Information
N/A
Vulnerability Type
N/A