La Sostenibilità per TIM

Il Report 2024 accoglie i principi della Corporate Sustainability Reporting Directive (CSRD) ed è incluso nella Relazione Finanziaria e di Sostenibilità. Approfondisci

Ultimi Comunicati Stampa

Redazione ufficio stampa

Leggi gli ultimi comunicati stampa e naviga nell'archivio dell'Ufficio Stampa del Gruppo TIM. Leggi i comunicati

CVE-2022-25343

CVE-2022-25343 – Olivetti d-COLOR MF3555

Vulnerability Description: CWE-400: Denial of Service
Software Version: Firmware 2XD_S000.002.271
NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-25343
CVSv3: 7.5
Severity
: High
Credits:
 Mattia Campanelli, Luca Carbone, Massimiliano Brolli

An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Denial of Service. An unauthenticated attacker, who can send POST requests to the /download/set.cgi page by manipulating the failhtmfile variable, is able to cause interruption of the service provided by the Web Application.

NOTE: This vulnerability has been fixed in the available firmware version 2XD_S000.002.703 from January 17th, 2022 and later versions.

Step-by-step instructions and PoC

The vulnerability is an unauthenticated POST request to the page /download/set.cgi. The web application get on system error by manipulating the variable failhtmfile and adding a relative path to a non-existent file, with most of the common path traversal payloads:

  • .;%2f.;%2f.;%2f.;%2f.;%2f.;%2fetc%2fpasswd
  • ..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd

…and so on.

After that, all the resources of the Web Application will answer 404 Not Found, until the printer is restarted.

Affected Endpoints

  • URL: /download/set.cgi
  • HTTP Parameter: failhtmfile

Below are the evidences with the vulnerability details and the payloads used.

CVE-2022-25343-1

Figure 1: System error - 404 Not Found on all resources

Click here to enlarge the image