Fanvil X210 V2 Unauthenticated Arbitrary File Upload Vulnerability
Vulnerability
A file upload vulnerability exists in the Fanvil X210 V2 IP phone running firmware 2.12.20. This vulnerability allows unauthenticated attackers on the local network to upload arbitrary files to the device's filesystem. The issue arises because the web application used for device configuration does not properly validate or sanitize file paths in upload requests. Exploitation of this vulnerability could lead to unauthorized modification of the device's behavior, as the web service operates with root privileges.
Impact
Exploitation of this vulnerability allows for arbitrary file writing on the device, with the potential to disrupt normal functionality.
Reproduction
The vulnerability can be reproduced by sending a POST request to the device's web server, specifically to the upload endpoint of the web configuration page. The request must include a file in the multipart form data, specifying an arbitrary destination path. The web server, which handles the upload as the root user, will write the file to the specified location without proper validation.
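The path validation described above as missing, written as an added example in Python rather than the vendor's firmware code: the handler resolves the client-supplied destination and refuses anything that would land outside the upload directory. The upload directory, function and exception names are assumptions.

```python
# Added example, not the vendor's firmware code. UPLOAD_ROOT and the
# function names are assumptions for illustration.
from pathlib import Path, PurePosixPath
UPLOAD_ROOT = "/tmp/upload-check-example"  # assumed directory, not the phone's real path

class UnsafeUploadPath(ValueError):
    """Raised when a client-supplied destination must not be written."""
def resolve_upload_path(root: str, client_path: str) -> Path:
    """Map a client-supplied name onto a location strictly inside ``root``.

    Rejects empty names, NUL bytes, absolute paths, '..' components and
    symlink escapes, the validation the affected firmware skipped before
    writing wherever the multipart field pointed, as root.
    """
    if not client_path or "\x00" in client_path:
        raise UnsafeUploadPath("empty or NUL-containing path")
    pure = PurePosixPath(client_path)  # the device is a POSIX system
    if pure.is_absolute() or not pure.parts or ".." in pure.parts:
        raise UnsafeUploadPath(f"absolute, empty or traversal path: {client_path!r}")
    root_real = Path(root).resolve()
    candidate = (root_real / Path(*pure.parts)).resolve()
    # resolve() follows symlinks, so a planted link inside root is caught too.
    try:
        candidate.relative_to(root_real)
    except ValueError:
        raise UnsafeUploadPath(f"escapes upload root: {client_path!r}") from None
    return candidate

def is_safe_upload_path(root: str, client_path: str) -> bool:
    """Boolean form of the check, for request filtering and tests."""
    try:
        resolve_upload_path(root, client_path)
    except UnsafeUploadPath:
        return False
    return True

def store_upload(root: str, client_path: str, data: bytes) -> Path:
    """Write uploaded bytes only after the path check passes."""
    dest = resolve_upload_path(root, client_path)
    dest.parent.mkdir(parents=True, exist_ok=True)
    dest.write_bytes(data)
    return dest
if __name__ == "__main__":
    # Constructed sample names: one benign, two that must be rejected.
    for name in ("backup/config.xml", "../../etc/passwd", "/etc/shadow"):
        try:
            print("stored", store_upload(UPLOAD_ROOT, name, b"demo"))
        except UnsafeUploadPath as exc:
            print("rejected:", exc)
```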
Remediation
Users are advised to update to firmware version 2.12.22.2, which addresses this vulnerability.
