HooToo HT-TM06 TripMate Elite Web Server 'protocol.csp' HTTP Cookie Header Handling RCE

Severity: Medium, Nessus Plugin ID 101111

Synopsis

The remote router is affected by a remote code execution vulnerability.

Description

The HooToo TripMate web interface running on the remote host is affected by a remote code execution vulnerability in the ioos web server (vshttpd). The server does not properly validate overly long strings passed via the HTTP Cookie header to protocol.csp. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.

Solution

Upgrade to firmware version 2.000.038 or later.

See Also

http://debugtrap.com/2017/05/09/tm06-vulnerabilities2/

Plugin Details

Severity: Medium

ID: 101111

File Name: hootoo_overflow.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 6/29/2017

Updated: 11/12/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.3

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2017-9025

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:X

Vulnerability Information

CPE: x-cpe:/a:hootoo:tripmate, cpe:/o:hootoo:tripmate_6_firmware, cpe:/h:hootoo:tripmate_6

Required KB Items: installed_sw/HooToo TripMate Web Interface

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/7/2017

Vulnerability Publication Date: 5/9/2017

Reference Information

CVE: CVE-2017-9025