The function that handles file downloads in Smart eVision OS is vulnerable to path traversal. The root cause was confirmed to be incorrect validation of URL parameters in the smart vision file acquisition function. An unauthenticated remote attacker can exploit this to download, access and delete arbitrary files on the affected system, disrupting service.

Vulnerability Scenario

If you have Smart eVision OS installed on your system, it is highly recommended to update the firmware from 1.0.0-1-1 to 1.0.2-1-1 as soon as possible.
This advisory informs customers of a security vulnerability in Smart eVision OS that an unauthenticated remote attacker can exploit to cause disruption.
An attacker can exploit the vulnerability by sending a malicious request that, when processed by the vulnerable function, leads to downloading and deleting, or accessing and deleting, arbitrary files on the affected system.
The root cause was confirmed to be incorrect validation of URL parameters in the smart vision file acquisition function, resulting in path traversal vulnerabilities on both Windows and Linux that are exploitable by an unauthenticated remote attacker with low privilege level access.
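The defect class described above, shown as an added example rather than Smart eVision code: a file-download handler that joins a URL parameter onto its base directory unchecked, next to a hardened resolver that decodes once, treats both Windows and Linux separators as separators, and confirms the normalised path stays below the base. The download root and the parameter handling are assumptions; nothing here is taken from the affected firmware.

```python
import posixpath
from urllib.parse import unquote

# Assumed download root; the real Smart eVision directory is not on the page.
DOWNLOAD_ROOT = "/srv/evision/downloads"


def resolve_unsafe(base, name):
    """The vulnerable pattern: the URL parameter is joined onto the base
    directory and used as-is, so '..' segments walk out of it."""
    return posixpath.join(base, unquote(name))


def resolve_safe(base, name):
    """Hardened resolution for a download/delete handler.

    Decodes the parameter once, treats both '/' and '\\' as separators so
    Windows-style traversal is caught on Linux hosts too, rejects empty
    names, NUL bytes, absolute paths and drive letters, then confirms the
    normalised path is strictly below the base. Returns None on any violation.
    """
    decoded = unquote(name)
    if not decoded or "\x00" in decoded:
        return None
    unified = decoded.replace("\\", "/")
    first = unified.split("/", 1)[0]
    if unified.startswith("/") or ":" in first:
        return None  # absolute (or UNC) path, or a drive letter like C:
    root = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(root, unified))
    # Require the separator so "/srv/evision/downloads2" is not accepted
    # as a child of "/srv/evision/downloads"; also rejects the root itself.
    if not candidate.startswith(root + "/"):
        return None
    # On a real host, follow with os.path.realpath() and repeat the check
    # if symbolic links may exist under the base directory.
    return candidate


if __name__ == "__main__":
    for param in ("report.pdf", "..%2F..%2F..%2Fetc/passwd", "..\\..\\win.ini"):
        print(f"{param!r}: unsafe={resolve_unsafe(DOWNLOAD_ROOT, param)!r} "
              f"safe={resolve_safe(DOWNLOAD_ROOT, param)!r}")
```

The same resolver should guard the delete path as well as the download path, since the advisory reports both operations reaching arbitrary files.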

Vulnerable devices

Smart eVision OS
The issue on the Smart eVision OS was confirmed to be due to incorrect validation of URL parameters in the smart vision file acquisition function.
An unauthenticated remote attacker can exploit this to download and delete arbitrary system files to disrupt service.
CVE-2022-39033

Timeline

Published on: 09/28/2022 04:15:00 UTC
Last modified on: 09/28/2022 23:44:00 UTC