CVE-2021-20661
📋 TL;DR
This directory traversal vulnerability in SolarView Compact SV-CPT-MC310 allows authenticated attackers to delete arbitrary files and directories on the server. Attackers with valid credentials can potentially delete critical system files, configuration files, or application data. Only SolarView Compact SV-CPT-MC310 devices running versions prior to 6.5 are affected.
💻 Affected Systems
- SolarView Compact SV-CPT-MC310
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through deletion of critical system files leading to denial of service, data loss, or system instability requiring full reinstallation.
Likely Case
Unauthorized deletion of application files, configuration files, or user data leading to service disruption and potential data loss.
If Mitigated
Limited impact if proper access controls, file permissions, and monitoring are in place to detect and prevent unauthorized file operations.
🎯 Exploit Status
Exploitation requires valid credentials but uses simple directory traversal techniques. The unspecified vectors suggest multiple potential exploitation paths.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 6.5
Vendor Advisory: https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf
Restart Required: Yes
Instructions:
1. Download SolarView Compact firmware version 6.5 or later from Contec's official website.
2. Backup current configuration and data.
3. Upload and install the firmware update through the web interface.
4. Restart the device.
5. Verify the update was successful.
🔧 Temporary Workarounds
Restrict Network Access
Linux: Limit access to the SolarView web interface to trusted IP addresses only
iptables -A INPUT -p tcp --dport 80 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP
Implement Strong Authentication
All platforms: Enforce complex passwords and consider implementing multi-factor authentication if supported
🧯 If You Can't Patch
- Implement strict network segmentation to isolate SolarView devices from untrusted networks
- Implement file integrity monitoring to detect unauthorized file deletions
🔍 How to Verify
Check if Vulnerable:
Check the firmware version in the SolarView web interface under System Information or Settings. If the version is below 6.5, the device is vulnerable.
Check Version:
Check via web interface at http(s)://[device-ip]/system_info or similar admin page
Verify Fix Applied:
After updating, verify the firmware version shows 6.5 or higher in the web interface. Test that directory traversal attempts are properly blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual file deletion events in system logs
- Multiple failed authentication attempts followed by successful login
- Web server logs showing directory traversal patterns (../, ..\, etc.)
Network Indicators:
- HTTP requests containing directory traversal sequences to SolarView endpoints
- Unusual patterns of file deletion operations
SIEM Query:
source="solarview_logs" AND (event="file_deletion" OR uri="*../*")
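The `uri="*../*"` pattern above only matches the literal sequence, so percent-encoded or backslash forms in the web server log would pass unnoticed. The following is an added example, not code from the advisory or the vendor: it normalises each request target before looking for a `..` path segment. It assumes the access log is in Common/Combined Log Format; the sample lines, addresses and the `example.cgi` endpoint are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed format (Common/Combined Log Format):
#   ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# A ".." that forms a whole path segment or parameter value, after normalisation.
DOTDOT_RE = re.compile(r'(?:^|[/=&?;])\.\.(?:/|$|[&;])')

def normalise(target, max_rounds=3):
    """Percent-decode repeatedly (catches double encoding) and unify separators."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")

def find_traversal(lines):
    """Return one dict per log line whose request target contains a '..' segment."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        if DOTDOT_RE.search(normalise(m["target"])):
            hits.append({k: m[k] for k in ("ip", "user", "ts", "target", "status")})
    return hits

# Constructed sample lines (documentation addresses, hypothetical endpoint name).
SAMPLE = [
    '192.0.2.10 - admin [16/Feb/2021:10:00:01 +0900] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.44 - admin [16/Feb/2021:10:02:13 +0900] "POST /example.cgi?file=../../tmp/x HTTP/1.1" 200 88',
    '192.0.2.44 - admin [16/Feb/2021:10:02:40 +0900] "POST /example.cgi?file=%2e%2e%5cconf HTTP/1.1" 200 88',
    '192.0.2.44 - admin [16/Feb/2021:10:03:02 +0900] "POST /example.cgi?file=%252e%252e%252fdata HTTP/1.1" 200 88',
    '192.0.2.10 - admin [16/Feb/2021:10:05:00 +0900] "GET /report..2021.csv HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE):
        print(hit["ts"], hit["ip"], hit["user"], hit["target"], hit["status"])
```

Because exploitation requires valid credentials, the `user` and `status` fields of each hit are worth correlating with the login events listed under Log Indicators.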
🔗 References
- https://jvn.jp/en/jp/JVN37417423/index.html
- https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf
- https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf