"LG.Smart.IP.Camera.Unauthenticated.Backup.File.Download"
- 特征库ID:
48068
- 漏洞级别:
high
- CVE ID:
CVE-2018-16946
- 建议的动作:
drop
- 受影响的系统:
Windows,Linux,BSD,Solaris,MacOS
- 协议:
tcp
攻击漏洞描述
这表明针对多个 LG 智能 IP 摄像机中的任意文件下载漏洞的攻击尝试。该漏洞是由于在处理精心设计的 HTTP 请求时对用户提供的输入的清理不足。通过精心设计的 HTTP 请求,它允许未经身份验证的远程攻击者下载易受攻击的系统备份文件,从而导致信息泄露,这些信息可用于进一步破坏目标系统。
影响范围
LNB5110 with firmware from version 1310250 to version 1508190
LNB5320 with firmware from version 1310250 to version 1508190
LNB5320R with firmware from version 1310250 to version 1508190
LNB7210 with firmware from version 1310250 to version 1508190
LND3230R with firmware from version 1310250 to version 1508190
LND5110 with firmware from version 1310250 to version 1508190
LND5110R with firmware from version 1310250 to version 1508190
LND5220R with firmware from version 1310250 to version 1508190
LND7210 with firmware from version 1310250 to version 1508190
LND7210R with firmware from version 1310250 to version 1508190
LNU3230R with firmware from version 1310250 to version 1508190
LNU5110R with firmware from version 1310250 to version 1508190
LNU5320R with firmware from version 1310250 to version 1508190
LNU7210R with firmware from version 1310250 to version 1508190
LNV5110R with firmware from version 1310250 to version 1508190
LNV5320R with firmware from version 1310250 to version 1508190
LNV7210 with firmware from version 1310250 to version 1508190
LNV7210R with firmware from version 1310250 to version 1508190
可能带来的后果
信息泄露:远程攻击者可以从易受攻击的系统中获取敏感信息。
解决办法
目前,我们不知道有任何供应商为此问题提供了补丁。
