Zyxel Armor X1 WAP6806

Directory Listing vulnerability found in Zyxel Armor X1 WAP6806. The ZyXEL ARMOR X1 works as an access point, a Wi-Fi extender or a wireless client. The ZyXEL ARMOR X1 provides the latest 802.11ac dual-band wireless technology, with which you can instantly enjoy 2.4 GHz/5 GHz wireless connectivity for daily use.

The vulnerability was disclosed to Zyxel security team under responsible disclosure and they stated that this will be patched in the upcoming release. A directory listing as stated by CWE is inappropriately exposed, yielding potentially sensitive information to attackers. It provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed
and accessible.

It is a web server function that displays the directory contents when there is no index file in a specific website directory.It is dangerous to leave this function turned on for the web server because it leads toinformation disclosure. Exposing the contents of a directory can lead to an attacker gaining access to source code or providing useful information for the attacker to devise exploits, such as creation times of files or any information that may be encoded in file names.

The directory listing may also compromise private or confidential data.

Below are the vulnerability disclosure details

Exploit Title: Zyxel Armor X1 WAP6806 – Directory Traversal
Date: 2020-06-19
Exploit Author: Rajivarnan R
Vendor Homepage: https://www.zyxel.com/
Software [http://www.zyxelguard.com/WAP6806.asp]
Version: [V1.00(ABAL.6)C0]
CVE: 2020-14461
Tested on: Linux Mint / Windows 10
Vulnerabilities Discovered Date : 2020/06/19 [YYYY/MM/DD]
As a result of the research, one vulnerability identified.
(Directory Traversal)
Technical information is provided below step by step.
[1] – Directory Traversal Vulnerability
Vulnerable Parameter Type: GET
CVSS 3.x Severity and Metrics: Base Score: 8.6 High Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Reference :