CVE-2016-7552

Related Files

Trend Micro Threat Discovery Appliance 2.6.1062r1 logoff.cgi Directory Traversal

Posted Apr 20, 2017

Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.

tags | exploit, cgi, bypass, file inclusion

advisories | CVE-2016-7552

SHA-256 | 2d89facad03b2aadfc7a64dbc4b3ae3e700fb5257315bc07a0d5dac0b54f2211

Download | Favorite | View

Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution

Posted Apr 19, 2017

Authored by Roberto Suggi Liverani, mr_me | Site metasploit.com

This Metasploit module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a cmd injection flaw using the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547).

tags | exploit, cgi, vulnerability, bypass

advisories | CVE-2016-7547, CVE-2016-7552

SHA-256 | 035399021ac947492b961a04ac25a5a12f67bebc47e9858ba91b9e72dfccdc17

Download | Favorite | View