Beck IPC GmbH IPC@Chip Web Server chipcfg.cgi Direct Request Information Disclosure
Remote / Network Access
Loss of Confidentiality
Beck IPC GmbH IPC@Chip Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by sending a direct request to the 'chipcfg.cgi' script, which discloses network configuration settings to a remote attacker, resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this vulnerability. As a temporary workaround, consult the vendor's documentation for the API CGI_REMOVE function.
Discovered and posted to Bugtraq by Siberian <email@example.com> on May 21, 2001.
Beck IPC GmbH IPC@CHIP Embedded-Webserver
A vulnerability exists in IPC@CHIP which could enable a remote user to gain access to ChipCfg.cgi. A specially crafted URL for ChipCfg.cgi will return sensitive network data. ChipCfg.cgi is installed by default. The vendor reports that it can be uninstalled.
Currently the SecurityFocus staff are not aware of any exploits for this issue.
The vendor reports: "The API allows removal of this CGI with the CGI_REMOVE function".