CVE-2019-7404 in GAMP-7100
Summary
by MITRE
An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 09/17/2023
This vulnerability exists in LG routers running firmware versions that fail to properly validate HTTP requests for log file access. The issue affects specific models including GAMP-7100, GAPM-7200, and GAPM-8000 devices that are commonly deployed in residential and small office environments. The flaw stems from inadequate input validation mechanisms that allow remote attackers to construct malicious HTTP requests without authentication requirements. When an attacker submits a request containing the full pathname to a log file, the router's web interface processes the request without proper authorization checks, enabling arbitrary file read access to sensitive system logs.
The technical implementation of this vulnerability falls under CWE-22 Improper Limitation of a Pathname to a Restricted Directory, which is a well-documented weakness in web application security. The vulnerability is particularly concerning because it allows unauthenticated access to system log files that may contain sensitive information such as system configurations, user activities, network traffic patterns, and potentially credentials or system vulnerabilities. The affected log files are stored in predictable locations within the router's file system, making exploitation straightforward for attackers who can enumerate the specific file naming conventions used by the device.
The operational impact of this vulnerability extends beyond simple information disclosure. Attackers can leverage this access to gather intelligence about the router's configuration, network topology, and potentially identify other system vulnerabilities. The log files might contain information about system updates, security events, or failed authentication attempts that could aid in crafting more sophisticated attacks. Additionally, the presence of these logs could reveal system administration practices and potentially expose the router's internal network structure. From an attacker's perspective, this vulnerability represents a low-effort, high-value entry point that could lead to further exploitation or lateral movement within the network.
Organizations should implement immediate mitigations including disabling unnecessary web interfaces, restricting network access to router management interfaces, and applying firmware updates from LG when available. The vulnerability demonstrates the importance of proper access control mechanisms and input validation in embedded systems. Security practitioners should also consider implementing network monitoring to detect suspicious HTTP requests targeting system files. This issue aligns with ATT&CK technique T1083, File and Directory Discovery, as it enables unauthorized access to system log files through web interface manipulation. The vulnerability highlights the critical need for proper security testing of embedded devices and the importance of following secure coding practices that prevent path traversal attacks in network appliances.