Revolution Pi: Vulnerabilities in Webstatus
Kunbus-2024-0000001: Security Issues in Webstatus
Publisher: Kunbus PSIRT
Document category: csaf_security_advisory
Initial release date: 2024-09-19T10:00:00.000Z
Current release date: 2024-09-19T10:00:00.000Z
Engine: csaf-cms-backend 1.0.0
Build date: 2024-09-19T08:04:21.902Z
Current version: 1.0.0
Status: final
CVSSv3.1 Base Score: 6.7
Severity: Important
Language: en-US
Vulnerabilities
Authenticated Command Injection in Webstatus (CVE-2024-8684)
Description: The command execution of webstatus lacks proper input validation, which allows a user authenticated to the application to inject arbitrary commands. The commands would be executed in the context of the low-privileged www-data user. The main PHP file governing the behavior of the Revolution Pi administrative web application is vulnerable to command injection, allowing arbitrary code execution as the low-privileged www-data user.
CWE: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Product status
Known affected
| Product | CVSS vector | CVSS base score |
|---|---|---|
| KUNBUS Revolution Pi Revolution Pi OS Buster (08/2022) | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H | 6.7 |
| KUNBUS Revolution Pi webstatus <=2.4.1 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H | 6.7 |
Fixed
- KUNBUS Revolution Pi webstatus 2.4.2
Directory Traversal in Pictory (CVE-2024-8685)
Description: Pictory has a function to list directory contents. This is necessary to offer the user the option to load configurations. Due to insufficient input sanitization it was possible to get directory listings of all directories the www-data user has access to, not only the data storage directory of the application. It was not possible to read file contents with this vulnerability.
CWE: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Product status
Known affected
| Product | CVSS vector | CVSS base score |
|---|---|---|
| KUNBUS Revolution Pi Revolution Pi OS Buster (08/2022) | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 2.7 |
| KUNBUS Revolution Pi pictory < 2.1.1 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 2.7 |
Fixed
- KUNBUS Revolution Pi pictory 2.1.1
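The two weaknesses in this advisory, directory listing escaping the data directory (CVE-2024-8685) and user input reaching a shell command (CVE-2024-8684), share the same remedy: canonicalise and confine paths, and never build shell strings from input. The following PHP is an added illustration written for this page, not Kunbus or Revolution Pi code; the function names, the base directory and the command allowlist are assumptions.

```php
<?php
// Added example (not Kunbus/Revolution Pi code): the two defensive patterns
// relevant to this advisory, in PHP as used by the Revolution Pi web apps.
// Function names, the base directory and the command allowlist are assumptions.

// CVE-2024-8685 class: list only inside the application's data storage directory.
// Canonicalise with realpath() so "..", absolute paths and symlinks cannot escape.
function listConfigDir(string $base, string $requested): array
{
    $baseReal = realpath($base);
    if ($baseReal === false) {
        throw new RuntimeException('data directory missing');
    }
    // Reject NUL bytes before any filesystem call.
    if (strpos($requested, "\0") !== false) {
        throw new InvalidArgumentException('invalid path');
    }
    $target = realpath($baseReal . DIRECTORY_SEPARATOR . ltrim($requested, '/\\'));
    // realpath() returns false for non-existent paths; the prefix check must
    // include the trailing separator so "/var/data2" does not match "/var/data".
    if ($target === false
        || ($target !== $baseReal
            && strncmp($target, $baseReal . DIRECTORY_SEPARATOR, strlen($baseReal) + 1) !== 0)) {
        throw new InvalidArgumentException('path outside data directory');
    }
    $entries = scandir($target);
    return array_values(array_diff($entries, ['.', '..']));
}

// CVE-2024-8684 class: never interpolate user input into a shell string.
// Map a user-supplied action to a fixed command and quote each argument.
const ACTION_ALLOWLIST = [
    'uptime' => ['/usr/bin/uptime'],
    'df'     => ['/bin/df', '-h'],
];

function runAction(string $action, array $args = []): string
{
    if (!array_key_exists($action, ACTION_ALLOWLIST)) {
        throw new InvalidArgumentException('unknown action');
    }
    $argv = ACTION_ALLOWLIST[$action];
    foreach ($args as $a) {
        // escapeshellarg() single-quotes the value so metacharacters are literal.
        $argv[] = escapeshellarg($a);
    }
    return (string) shell_exec(implode(' ', $argv));
}
```

A request such as `listConfigDir('/var/www/data', '../../etc')` resolves outside the base and is rejected, while `runAction('uptime; id')` never reaches a shell because the action is not in the allowlist.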
Acknowledgments
Kunbus PSIRT thanks the following parties for their efforts:
- Ethan Shackelford and Ehab Hussein from IOActive for discovering and reporting the vulnerabilities.
- INCIBE for CVE assignment and coordination.
Kunbus PSIRT
Namespace: https://www.kunbus.com
product-security@kunbus.com
References
- URL generated by system (self): https://csaf.kunbus.com//2024/kunbus-2024-0000001.json
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1.0.0 | 2024-09-19T10:00:00.000Z | Initial Publication |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/