JUNG Smart Panel KNX Unauthenticated Path Traversal Vulnerability
Vulnerability
A path traversal vulnerability has been identified in the JUNG Smart Panel KNX firmware versions through L1.12.22. This vulnerability exists in the embedded web interface, where the application does not properly validate file path inputs. As a result, remote, unauthenticated attackers can access arbitrary files on the underlying filesystem within the context of the web server. Exploitation of this vulnerability may lead to the disclosure of system configuration files and other sensitive information.
Impact
Exploitation of this vulnerability allows for unauthorized access to files on the server, potentially leading to the exposure of sensitive information and system configurations.
Reproduction
The vulnerability can be reproduced by sending a request to the embedded web interface with a crafted file path that exploits the path traversal flaw. This can be done using a web browser or a tool that allows for HTTP request manipulation. The server will then return the contents of the accessed file, demonstrating the unauthorized file access.
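Because the flaw is reachable without authentication, HTTP access logs in front of the panel are the practical place to look for attempts. The following is an added example, not code from this advisory or from the vendor: it flags logged requests whose path or query values climb above the web root once percent-encoding and backslashes are normalized. The log format, client addresses and request paths are constructed for illustration and are not taken from the device.

```python
import re
from urllib.parse import parse_qsl, unquote

# Common Log Format request line (assumed format; adjust to your proxy or panel logs).
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample log, not captured from a real device.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2025:10:00:01 +0000] "GET /css/../img/logo.png HTTP/1.1" 200 2048
198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /../../etc/hostname HTTP/1.1" 200 1301
198.51.100.7 - - [01/Jan/2025:10:00:06 +0000] "GET /%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 404 0
198.51.100.7 - - [01/Jan/2025:10:00:07 +0000] "GET /view?file=..%5c..%5cconfig.xml HTTP/1.1" 200 877
"""

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded dots and slashes are exposed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")  # treat backslashes as separators too

def climbs_out(path):
    """True if '..' segments take the path above its starting directory."""
    depth = 0
    for segment in fully_decode(path).split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment not in ("", "."):
            depth += 1
    return False

def is_traversal(target):
    """Check the URL path and every query value of a request target."""
    path, _, query = target.partition("?")
    values = [v for _, v in parse_qsl(query, keep_blank_values=True)]
    return any(climbs_out(c) for c in [path, *values])

def find_hits(log_text):
    """Return (client, target, status) per flagged request; 200 means data was served."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_traversal(m["target"]):
            hits.append((m["ip"], m["target"], int(m["status"])))
    return hits
```

The same depth check, applied to the requested path before any file is opened, is the validation the description above says is missing.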
