Beck GmbH IPC@CHIP HTTPD File Disclosure Vulnerability

The IPC@Chip is a single-chip embedded webserver from Beck GmbH.

By default, the device's inbuilt httpd service uses the system root as its webroot. An attacker may request and obtain arbitrary files anywhere in the filesystem, including those containing sensitive information such as user IDs and passwords.

This leads to a complete compromise of the device's security, and could allow a remote attacker to undermine its normal operation.


Privacy Statement
Copyright 2010, SecurityFocus