This host is running Ultra Electronics AEP Ultra Protect and is prone to multiple vulnerabilities.

Successful exploitation will allow attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Impact Level: Application

No solution or patch is available as of 30th January, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to https://www.northbridgesecure.com/products/netilla-os

Multiple flaws are due to, - The /preauth/login.cgi script not properly sanitizing user-supplied input to the 'realm' GET parameter. - The /preauth/login.cgi not properly sanitizing user input, specifically path traversal style attacks (e.g. '../') supplied via the 'realm' GET parameter.

Ultra Electronics - Series A Version 7.2.0.19 and 7.4.0.7

Send a crafted request via HTTP GET and check whether it is able to read information or not.

• http://www.exploit-db.com/exploits/34918
• http://www.osisecurity.com.au/advisories/ultra-aep-netilla-vulnerabilities
• http://www.osvdb.org/112675
• http://www.osvdb.org/112676

---

Updated on 2015-03-25