[Update 03/03/2023] Multiple vulnerabilities in Generex UPS CS141

Posted date
24/02/2023
Importance
5 - Critical
Affected Resources
  • UPS CS141, versions lower than 2.06
Description

INCIBE has coordinated the publication of 7 vulnerabilities in the Generex UPS CS141 adapter, which were discovered by Joel Gámez Molina (@JoelGMSec).

These vulnerabilities have been assigned the following codes:

  • CVE-2022-47186. CVSS v3.1 base score of 7.5; CVSS vector string: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.
  • CVE-2022-47187. CVSS v3.1 base score of 5.3; CVSS vector string: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.
  • CVE-2022-47188. CVSS v3.1 base score of 7.5; CVSS vector string: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.
  • CVE-2022-47189. CVSS v3.1 base score of 7.5; CVSS vector string: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.
  • CVE-2022-47190. CVSS v3.1 base score of 10.0; CVSS vector string: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
  • CVE-2022-47191. CVSS v3.1 base score of 4.3; CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
  • CVE-2022-47192. CVSS v3.1 base score of 8.8; CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Solution
Detail
  • CVE-2022-47186
    • An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory.
    • The vulnerability type is CWE-434: Unrestricted Upload of File with Dangerous Type.
  • CVE-2022-47187
    • The web application allows file uploads, which may allow an attacker to upload a file with HTML content in which an XSS payload can be injected.
    • The vulnerability type is CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
  • CVE-2022-47188
    • There is an arbitrary file reading vulnerability. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing them to obtain the content of this path.
    • The vulnerability type is CWE-20: Improper Input Validation.
  • CVE-2022-47189
    • An attacker could upload a firmware file containing an incorrect configuration in order to disrupt the normal functionality of the device.
    • The vulnerability type is CWE-20: Improper Input Validation.
  • CVE-2022-47190
    • A remote attacker could upload a firmware file containing a webshell that could allow them to execute arbitrary code as root.
    • The vulnerability type is CWE-20: Improper Input Validation.
  • CVE-2022-47191
    • A remote attacker could upload a firmware file containing a file with modified permissions, allowing them to escalate privileges.
    • The vulnerability type is CWE-20: Improper Input Validation.
  • CVE-2022-47192
    • A remote attacker could upload a backup file containing a modified "users.json" to the web server of the Generex CS141 device, allowing them to replace the administrator password.
    • The vulnerability type is CWE-20: Improper Input Validation.
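
Several of the issues above (CVE-2022-47188, CVE-2022-47191) come down to an uploaded archive being accepted without inspecting its members. The following is an added example, not code from Generex or INCIBE, of the kind of pre-extraction check that rejects links, path escapes, special files and setuid/setgid bits. It assumes the archive is a tar file (the advisory does not state the format), and the member names and sample archives are constructed for illustration.

```python
import io
import stat
import tarfile
from pathlib import PurePosixPath


def audit_archive(data: bytes) -> list[str]:
    """Return findings for an uploaded archive; an empty list means it passed."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar:
            path = PurePosixPath(m.name)
            if path.is_absolute() or ".." in path.parts:
                findings.append(f"{m.name}: path escapes the extraction directory")
            if m.issym() or m.islnk():
                # A link lets a later read follow it to a file outside the archive.
                findings.append(f"{m.name}: link to {m.linkname!r}")
            elif not (m.isfile() or m.isdir()):
                findings.append(f"{m.name}: special file (device or FIFO)")
            if m.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append(f"{m.name}: setuid/setgid bit set")
    return findings


def _build_sample(members) -> bytes:
    """Build a constructed in-memory tar (not taken from a real CS141 backup)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, link, mode in members:
            info = tarfile.TarInfo(name)
            info.type, info.linkname, info.mode = kind, link, mode
            payload = b"{}" if kind == tarfile.REGTYPE else b""
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed samples: one benign archive, one with a symlink and a setuid file.
CLEAN = _build_sample([("config/users.json", tarfile.REGTYPE, "", 0o600)])
SUSPECT = _build_sample([
    ("config/users.json", tarfile.REGTYPE, "", 0o600),
    ("config/notes.txt", tarfile.SYMTYPE, "/etc/shadow", 0o777),
    ("bin/helper", tarfile.REGTYPE, "", 0o4755),
])

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, audit_archive(blob) or "no findings")
```

A structural check like this does not detect a well-formed but modified "users.json" or configuration (CVE-2022-47189, CVE-2022-47192); that requires authenticating the upload and verifying the integrity of the archive contents.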

If you have any information regarding this advisory, please contact INCIBE as indicated in the 'CVE assignment and publication'.
