Fanvil X210 V2 Directory Traversal Vulnerability Allowing Unauthenticated File Uploads and Remote Command Execution
Vulnerability
A directory traversal vulnerability has been identified in the Fanvil X210 V2 IP phone, running firmware version 2.12.20. This vulnerability allows unauthenticated attackers on the local network to upload files to arbitrary locations on the device. The uploaded files can be executed as commands, potentially leading to unauthorized modification of system configurations or other unspecified impacts.
Impact
Exploitation of this vulnerability allows for unauthenticated remote command execution on the affected device, giving attackers complete control over it.
Reproduction
To reproduce this vulnerability, upload a file containing shell commands through the device's web application upload function. The file can be directed to the '/webroot/cgi-bin' directory. Once uploaded, the file can be executed via the CGI processor, exploiting the authentication bypass to run the commands on the system.
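The defect class here is an upload handler that trusts a client-supplied path. The check below is an added illustration in C, not Fanvil's firmware code; UPLOAD_BASE, the function names and the fixed buffer size are assumptions chosen for the example. It lexically confines the requested name to one directory so that a name climbing toward locations such as '/webroot/cgi-bin' is refused before any write happens.

```c
#include <stdbool.h>
#include <string.h>

/* Added example, not Fanvil code. UPLOAD_BASE is a hypothetical directory. */
#define UPLOAD_BASE "/var/upload"
#define MAX_PATH_LEN 512

/* Resolve the client-supplied name `rel` under UPLOAD_BASE, processing ".",
 * "..", "/" and "\" components, and write the result to `out`. Returns false
 * for absolute paths, names that climb out of UPLOAD_BASE, empty names, or
 * results that do not fit. Run it on the URL-decoded name, never before. */
bool confine_upload_path(const char *rel, char *out, size_t out_len)
{
    char result[MAX_PATH_LEN];
    size_t base_len = strlen(UPLOAD_BASE), len = base_len;
    if (rel == NULL || rel[0] == '\0' || rel[0] == '/' || rel[0] == '\\')
        return false;
    if (base_len >= sizeof result) return false;
    memcpy(result, UPLOAD_BASE, base_len + 1);
    for (const char *p = rel; *p; ) {
        const char *comp = p;
        while (*p && *p != '/' && *p != '\\') p++;
        size_t clen = (size_t)(p - comp);
        while (*p == '/' || *p == '\\') p++;        /* skip separator run */
        if (clen == 0 || (clen == 1 && comp[0] == '.')) continue;
        if (clen == 2 && comp[0] == '.' && comp[1] == '.') {
            /* ".." while already at the base would leave it: reject. */
            if (len == base_len) return false;
            while (result[len - 1] != '/') len--;   /* drop last component */
            result[--len] = '\0';
            continue;
        }
        if (len + 1 + clen >= sizeof result) return false;
        result[len++] = '/';
        memcpy(result + len, comp, clen);
        len += clen;
        result[len] = '\0';
    }
    if (len == base_len || len + 1 > out_len) return false; /* no file name */
    memcpy(out, result, len + 1);
    return true;
}

/* Helper for checking: true if `rel` is accepted and resolves to `expected`. */
bool upload_path_is(const char *rel, const char *expected)
{
    char out[MAX_PATH_LEN];
    return confine_upload_path(rel, out, sizeof out) && strcmp(out, expected) == 0;
}
```

A production handler should additionally open the destination with O_NOFOLLOW (or verify with realpath) so that a symlink placed under the upload directory cannot redirect the write elsewhere.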
Remediation
Users are advised to update to firmware version 2.12.22.2, where this vulnerability has been fixed.
