CVE-2022-4982

Vulnerability Description

DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that accept a path parameter (`content` or `sidebar`) which is not properly validated or canonicalized. An attacker can supply directory-traversal sequences to cause the server to read and return arbitrary filesystem files that the webserver user can access. Other GoIP models and firmware versions are likely affected. Exploitation evidence was observed by the Shadowserver Foundation on 2024-03-21 UTC.

Related Weaknesses (CWE)

References

• http://www.dbltek.com/
• https://shufflingbytes.com/posts/hacking-goip-gsm-gateway/
• https://www.exploit-db.com/exploits/50775
• https://www.vulncheck.com/advisories/dbltek-goip-unauthenticated-lfi
• https://shufflingbytes.com/posts/hacking-goip-gsm-gateway/
• https://www.exploit-db.com/exploits/50775

FAQ

What is CVE-2022-4982?

CVE-2022-4982 is a documented vulnerability. DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that acc...

How severe is CVE-2022-4982?

CVSS scoring is not yet available for CVE-2022-4982. Check NVD for updates.

Is there a patch for CVE-2022-4982?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.