DreamBox DM500(+) Arbitrary File Download Vulnerability

Medium
Advisory ID
ZSL-2011-5013
Release Date
13 May 2011
Vendor
Dream Multimedia GmbH - http://www.dream-multimedia-tv.de
Affected Version
DM500, DM500+, DM500HD and DM500S
CVE
N/A
Tested On
Linux Kernel 2.6.9, The Gemini Project, Enigma
Summary

The Dreambox is a series of Linux-powered DVB satellite, terrestrial and cable digital television receivers (set-top box).

Description

Dreambox suffers from a file download vulnerability through directory traversal, triggered by appending the '/' character in the HTTP GET method of the affected host address. An attacker can reach sensitive information such as paid channel keys, usernames, passwords, config and plug-in info, etc.
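
A containment check that a file-serving HTTP handler can apply before opening anything, given here as an added example (not code from this advisory, the vendor, or the Enigma web interface). The function name and WEB_ROOT are assumptions, and the check goes beyond the '/' case described above to cover percent-encoded and dot-dot variants as well.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www"  # assumed document root, not taken from the advisory


def resolve_request_path(target, root=WEB_ROOT):
    """Map an HTTP GET request target to a path under root, or None to refuse."""
    raw = target.split("?", 1)[0]  # drop the query string
    # Percent-decode until stable so an encoded separator or dot cannot
    # slip past a single decoding pass; refuse if still changing after 3.
    for _ in range(3):
        decoded = unquote(raw)
        if decoded == raw:
            break
        raw = decoded
    else:
        return None
    if "\x00" in raw or "\\" in raw:
        return None
    # Strip every leading '/', so extra slashes cannot make the path absolute
    # and replace the root when the two are joined.
    relative = raw.lstrip("/")
    candidate = posixpath.normpath(posixpath.join(root, relative))
    # Compare on a path-component boundary: /var/www-x must not pass as /var/www.
    if candidate != root and not candidate.startswith(root.rstrip("/") + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request targets, for illustration only.
    for t in ("/index.html", "//etc/passwd", "/%2e%2e/etc/passwd"):
        print(repr(t), "->", resolve_request_path(t))
```

The check is purely lexical; where the web root can contain symbolic links, the resolved real path should be compared against the root as well.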

Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
13.05.2011 - Initial release
16.05.2011 - Added reference [4] and [5]
17.05.2011 - Added reference [6]
27.06.2011 - Added reference [7]