VIR Vulnerability Intelligence Relay

CVE-2017-15647

high
Published 2017-10-19 · Modified 2026-05-13
💬 Discuss on Community ✚ Propose mitigation
CVSS v3
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4 NEW
not yet in upstream
VIR risk
8.5

Description

On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.

Predictions

Exploit likelihood
83%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-44054 webapps linux text · 1 KB
SecuriTeam · 2017-10-13

FiberHome - Directory Traversal

text exploit Source: Exploit-DB 
## Vulnerability Summary
The following advisory describes a directory traversal vulnerability found in FiberHome routers.

FiberHome Technologies Group “was established in 1974. After continuous and intensive development for over 40 years, its business has been extended to R&D, manufacturing, marketing & sales, engineering service, in 4 major areas: fiber-optic communications, data networking communications, wireless communication, and intelligentizing applications. In particular, it has been providing end-to- end solutions integrated with opto-electronic devices, opticpreforms, fiber & cables, and optical communication systems to many countries around the world.”

## Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

## Vendor response
Update 1:

Cve issued: CVE-2017-15647

We tried to contact FiberHome since September 6 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for the vulnerability.

## Vulnerability details
User controlled input is not sufficiently sanitized when passed to /cgi-bin/webproc.

/cgi-bin/webproc receives getpage= as parameter input.

When we pass the directory of a file as a parameter input with parameter var:page, we will get the file from the router.

## Proof of Concept

```
http://+IP+ /cgi-bin/webproc?getpage=/etc/shadow&var:language=en_us&var:page=wizardfifth
```

References

CWEs

CWE-22

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.