AVTech Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote AVTech device is affected by multiple vulnerabilities.

Description :

The remote AVTech device is affected by multiple vulnerabilities.
Depending on the firmware version, the vulnerabilities may include:

- All user passwords are stored in cleartext

- The web interface does not use CSRF protections

- An attacker is able to perform arbitrary HTTP requests
through the device without authentication

- An unauthenticated remote user can execute arbitrary
system commands by sending a crafted HTTP request to
Search.cgi

- An unauthenticated remote user can bypass
authentication by sending a crafted HTTP request

- An unauthenticated remote user can download any file
from the web root by sending a crafted HTTP request

- An authenticated user can execute arbitrary system
commands by sending a crafted HTTP GET request to
CloudSetup.cgi, adcommand.cgi, or PwdGrp.cgi

These vulnerabilities have been used by the IoT Reaper botnet.

See also :

https://github.com/Trietptm-on-Security/AVTECH
http://www.search-lab.hu/media/vulnerability_matrix.txt
http://www.nessus.org/u?197042fe

Solution :

At time of publication, AVTech had not yet released patches. Users
should take precautions to ensure affected devices are not exposed
to the internet and that the devices are properly isolated on the
local network.
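
One way to check the isolation recommended above (an added example, not part of the Nessus plugin or of AVTech's software): review gateway or reverse-proxy access logs for requests to the CGI names listed in the description that come from outside a management subnet. The log format, the 10.20.0.0/24 subnet, the function name review() and the sample lines are assumptions made for this example.

```python
import ipaddress
import re

# CGI names from the advisory. Search.cgi is listed as reachable without
# authentication; the others are listed as requiring an authenticated user.
UNAUTH_CGI = {"search.cgi"}
AUTH_CGI = {"cloudsetup.cgi", "adcommand.cgi", "pwdgrp.cgi"}

# Assumption: only this subnet is meant to reach the devices.
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")

# Assumption: common/combined log format as written by a gateway or proxy.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}'
)

def review(lines, mgmt_net=MGMT_NET):
    """Return (source, endpoint, class) for requests to the listed CGIs
    whose source address is outside the management subnet."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Compare only the last path component, without the query string.
        endpoint = m["target"].split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if endpoint not in UNAUTH_CGI | AUTH_CGI:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # hostname or malformed client field
        if src in mgmt_net:
            continue
        kind = "unauthenticated" if endpoint in UNAUTH_CGI else "authenticated"
        findings.append((str(src), endpoint, kind))
    return findings

# Constructed sample lines: documentation address ranges, placeholder paths.
SAMPLE = [
    '10.20.0.15 - admin [25/Oct/2017:10:00:01 +0000] "GET /path/PwdGrp.cgi?a=b HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Oct/2017:10:00:05 +0000] "GET /path/Search.cgi?a=b HTTP/1.1" 200 128',
    '198.51.100.9 - - [25/Oct/2017:10:00:09 +0000] "GET /path/adcommand.cgi HTTP/1.1" 401 0',
    '203.0.113.7 - - [25/Oct/2017:10:00:11 +0000] "GET /index.html HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Any finding means the device's web interface is reachable from a network it should be isolated from.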

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.5
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 104102

Bugtraq ID:

CVE ID:
