Detections
Analytics

AVTech Multiple Vulnerabilities

critical Nessus Plugin ID 104102

Language:

Synopsis

The remote AVTech device is affected by mulitple vulnerabilities

Description

The remote AVTech device is affected by multiple vulnerabilities.
Depending on the firmware version the vulnerabilities may include:

 - All user passwords are stored in cleartext

 - The web interface does not use CSRF protections

 - An attacker is able to perform arbitrary HTTP requests through the device without authentication

 - An unauthenticated remote user can execute arbitrary system commands by sending a crafted HTTP request to Search.cgi

 - An unauthenticated remote user can bypass authentication by sending a crafted HTTP request

 - An unauthenticated remote user can download any file from the web root by sending a crafted HTTP request

 - An authenticated user can execute arbitrary system commands by sending a crafted HTTP GET request to CloudSetup.cgi, adcommand.cgi, or PwdGrp.cgi

 These vulnerabilities have been used by the IoT Reaper botnet.

Solution

At time of publication, AVTech had not yet released patches. Users should take precautions to ensure affected devices are not exposed to the internet and that the devices are properly isolated on the local network.

See Also

https://github.com/Trietptm-on-Security/AVTECH

https://www.search-lab.hu/media/vulnerability_matrix.txt

http://www.nessus.org/u?197042fe

Plugin Details

Severity: Critical

ID: 104102

File Name: avtech_unrestricted_download.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 10/23/2017

Updated: 6/26/2020

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 9.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

Required KB Items: installed_sw/AVTech

Vulnerability Publication Date: 10/11/2017