vendor: MAC 1200R
by: Chunlei Shang, Jiangsu Public Information Co., Ltd.
CVSS: 7.5 HIGH
Directory Traversal
CWE: 22
Product Name: MAC 1200R
Affected Version From: all versions
Affected Version To: all versions
Patch Exists: YES
Related CWE: CVE-2021-27825
CPE: a:mercury_communications:mac_1200r
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=146631, https://www.infosecmatter.com/nessus-plugin-library/?id=157144, https://www.infosecmatter.com/nessus-plugin-library/?id=146470, https://www.infosecmatter.com/nessus-plugin-library/?id=146511, https://www.infosecmatter.com/nessus-plugin-library/?id=146512
Platforms Tested: all versions
2023
MAC 1200R – Directory Traversal
Attackers can easily find the targets through various search engines with keywords 'MAC1200R' && port='8888'. Open the affected website like 'http://IP:8888/web-static/'. For example: http://60.251.151.2:8888/web-static/, http://222.215.15.70:8888/web-static/, http://60.251.151.2:8888/web-static/../../../../../../../../../../../../../../etc/passwd. Attackers can use the directory traversal vulnerability to access the sensitive files on the server.
Mitigation:
Ensure that user input is validated and sanitized to prevent directory traversal attacks.
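One way to apply that validation to requests under the `/web-static/` prefix, as an added example that is not the vendor's firmware code; `DOC_ROOT` and `resolve_static` are hypothetical names, and the request paths used to exercise it are constructed:

```python
import posixpath
from urllib.parse import unquote

URL_PREFIX = "/web-static/"    # URL prefix named in the advisory
DOC_ROOT = "/www/web-static"   # assumed document root (hypothetical)


def resolve_static(request_path):
    """Map a request path to a file under DOC_ROOT, or return None to reject it."""
    # Validate the path component only; drop query string and fragment.
    path = request_path.split("?", 1)[0].split("#", 1)[0]

    # Decode once, then refuse input that still decodes further
    # (double encoding is a common way to slip '..' past a filter).
    path = unquote(path)
    if unquote(path) != path:
        return None

    # NUL bytes and backslashes have no place in a static file URL.
    if "\x00" in path or "\\" in path:
        return None

    if not path.startswith(URL_PREFIX):
        return None
    relative = path[len(URL_PREFIX):]

    # Collapse '.' and '..' lexically, then require the result to stay
    # inside DOC_ROOT. Comparing against DOC_ROOT + "/" keeps a sibling
    # such as /www/web-static-old from passing a bare prefix check.
    candidate = posixpath.normpath(posixpath.join(DOC_ROOT, relative))
    if candidate != DOC_ROOT and not candidate.startswith(DOC_ROOT + "/"):
        return None

    # On a real filesystem, also resolve symlinks (os.path.realpath) and
    # repeat the containment check before opening the file.
    return candidate


if __name__ == "__main__":
    for sample in ("/web-static/index.html",
                   "/web-static/../../../../etc/passwd",
                   "/web-static/%2e%2e/%2e%2e/etc/passwd"):
        print(sample, "->", resolve_static(sample))
```

The containment check runs after decoding and normalization, so the decision is made on the same path the server would open.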