Exploits / Vulnerability Discovered : 2021-07-21 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Kevinlab bems 1.0 file path traversal information disclosure (authenticated) is for educational purposes only and if it is used you will do on your own risk!
Vendor: KevinLAB Inc.
Product web page: http://www.kevinlab.com
Affected version: 4ST L-BEMS 1.0.0 (Building Energy Management System)
Summary: KevinLab is a venture company specialized in IoT, Big Data, A.I based energy
management platform. KevinLAB's BEMS (Building Energy Management System) enables
efficient energy management in buildings. It improves the efficient of energy use
by collecting and analyzing various information of energy usage and facilities in
the building. It also manages energy usage, facility efficiency and indoor environment
control.
Desc: The BEMS suffers from an authenticated arbitrary file disclosure vulnerability.
Input passed through the 'page' GET parameter in index.php is not properly verified
before being used to include files. This can be exploited to disclose the contents
of arbitrary and sensitive files via directory traversal attacks.
Tested on: Linux CentOS 7
Apache 2.4.6
Python 2.7.5
PHP 5.4.16
MariaDB 5.5.68
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience