NetNumber Titan Master Path Traversal Vulnerability Allowing Arbitrary File Download
Vulnerability
A path traversal vulnerability has been identified in NetNumber Titan Master version 7.9.1. This vulnerability exists in the 'drp' endpoint and allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the 'path' parameter with base64-encoded payloads containing '../' sequences to bypass authorization and access sensitive system files, such as '/etc/shadow'. The web server operates with elevated privileges, enabling the retrieval of these files.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive system files, potentially allowing for further exploitation of the system.
Reproduction
To reproduce this vulnerability, an authenticated user can send a request to the 'drp' endpoint with a base64-encoded 'path' parameter that includes directory traversal sequences. The encoded payload can be crafted to bypass authorization and access arbitrary files on the server. Once the request is processed, the response will contain the contents of the requested file, demonstrating the successful exploitation of the path traversal vulnerability.
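How the base64-wrapped 'path' value has to be handled to close this class of bug, with a matching access-log check, as an added example that is not code from NetNumber or from the advisory; the `/drp` URL, the document root and the log lines are assumed and constructed.

```python
import base64
import os
import posixpath
from typing import Optional
from urllib.parse import parse_qs, quote, urlsplit

# Assumed document root for the 'drp' download handler; the real path is not on the page.
DOC_ROOT = "/srv/titan/drp"


def decode_path_param(encoded: str) -> Optional[str]:
    """Strictly decode the base64 'path' value; None if it is not valid base64/UTF-8."""
    try:
        return base64.b64decode(encoded, validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError both subclass ValueError
        return None


def resolve_safely(doc_root: str, encoded: str) -> Optional[str]:
    """Return the absolute file to serve, or None if the request escapes doc_root.
    Both sides are canonicalised (realpath collapses '..' and follows symlinks) and
    containment uses commonpath, not a string prefix that would also accept a sibling
    directory such as '/srv/titan/drp_old'."""
    rel = decode_path_param(encoded)
    if rel is None or "\x00" in rel:
        return None
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, rel.lstrip("/")))
    return candidate if os.path.commonpath([root, candidate]) == root else None


def flags_traversal(log_line: str) -> bool:
    """Detection: decode the 'path' query parameter of an access-log request line and
    report whether it still climbs above the root after normalisation ('a/../b' is
    not flagged; '../etc/shadow' is)."""
    try:
        target = log_line.split('"')[1].split(" ")[1]  # '"GET /drp?path=... HTTP/1.1"'
    except IndexError:
        return False
    for value in parse_qs(urlsplit(target).query).get("path", []):
        decoded = decode_path_param(value)
        if decoded and ".." in posixpath.normpath(decoded).split("/"):
            return True
    return False


def access_log_line(param: str) -> str:
    """Build a constructed combined-log-format line carrying the given 'path' value."""
    return f'10.0.0.5 - u [01/Jan/2024:00:00:00 +0000] "GET /drp?path={quote(param, safe="")} HTTP/1.1" 200 1337'


# Constructed sample values, not captured from a real system.
GOOD_PARAM = base64.b64encode(b"reports/2024-01.csv").decode()
BAD_PARAM = base64.b64encode(b"../../../etc/shadow").decode()
```

Run `flags_traversal` over each request line of the web server's access log to find past attempts; the decode step matters because a plain `../` signature never matches the encoded form.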