Unauthenticated Remote File Access in ANTlabs InnGate Firmware

Unauthenticated Remote File Access in ANTlabs InnGate Firmware

CVE-2015-0932 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.

Learn more about our Web Application Penetration Testing UK.