
Option CloudGate Insecure Direct Object References Authorization Bypass

Medium
Advisory ID
ZSL-2016-5333
Release Date
25 June 2016
Vendor
Affected Version
CG0192-11897
CVE
N/A
Tested On
lighttpd 1.4.39, firmware 2.62.4
Summary

The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic unit certified on all major US cellular operators (CDMA/EV-DO and WCDMA/HSPA+). The CloudGate is simple to configure locally or remotely from your PC, tablet or smartphone.

Description

Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and directly access resources and functionality in the system, for example APIs, files, upload utilities, device settings, etc.
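The access pattern behind this vulnerability class, shown as an added example that is not code from the advisory or the CloudGate firmware: a handler that resolves a user-supplied object reference without consulting the session, beside a deny-by-default replacement that authenticates and then authorizes the specific object. All resource names, session identifiers and function names are hypothetical.

```python
"""Added example: direct object access with and without server-side
authorization, exercised on constructed requests."""
from typing import Optional

# Constructed sample state standing in for a device's settings store and
# its active management sessions (hypothetical names, not real firmware data).
RESOURCES = {
    "settings/wan": {"owner": "admin", "body": "apn=internet"},
    "settings/gps": {"owner": "operator", "body": "interval=30"},
}
SESSIONS = {
    "sess-admin": {"user": "admin"},
    "sess-oper": {"user": "operator"},
}

def insecure_read(session_id: Optional[str], resource_id: str) -> tuple[int, str]:
    """Vulnerable pattern: the object reference taken from the request is
    resolved directly; the session is never consulted, so anyone who can
    name the object can read it."""
    resource = RESOURCES.get(resource_id)
    if resource is None:
        return 404, ""
    return 200, resource["body"]

def secure_read(session_id: Optional[str], resource_id: str) -> tuple[int, str]:
    """Hardened pattern: authenticate the session first, then authorize the
    specific object against the caller's identity; fail closed."""
    session = SESSIONS.get(session_id or "")
    if session is None:
        return 401, ""
    resource = RESOURCES.get(resource_id)
    # One answer for "missing" and "not yours", so responses do not leak
    # which object identifiers exist.
    if resource is None or resource["owner"] != session["user"]:
        return 403, ""
    return 200, resource["body"]

def run(handler, requests):
    """Apply a handler to (session, resource) pairs; return the status codes."""
    return [handler(sid, rid)[0] for sid, rid in requests]

# Constructed requests: anonymous, the owner, another authenticated user,
# and a reference to an object that does not exist.
REQUESTS = [(None, "settings/wan"), ("sess-admin", "settings/wan"),
            ("sess-oper", "settings/wan"), ("sess-admin", "settings/nope")]

if __name__ == "__main__":
    print("insecure:", run(insecure_read, REQUESTS))  # [200, 200, 200, 404]
    print("secure:  ", run(secure_read, REQUESTS))    # [401, 200, 403, 403]
```

The first result list is the vulnerability in miniature: the anonymous request and the wrong user both get the object, and the 404/200 difference lets callers enumerate which references exist.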

Proof of Concept
Disclosure Timeline
11.06.2016 Vulnerability discovered.
12.06.2016 Contact with the vendor.
24.06.2016 No response from the vendor.
25.06.2016 Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
25.06.2016 Initial release
28.06.2016 Added references [1], [2], [3], [4] and [5]