CVE-2021-45418

8.8 HIGH

📋 TL;DR

This directory traversal vulnerability in Starcharge Nova 360 Cabinet and Titan 180 Premium products allows attackers to access arbitrary files on the system via the main.cgi endpoint. It affects users running vulnerable firmware versions, potentially exposing sensitive configuration files, credentials, or system data.

💻 Affected Systems

Products:
  • Starcharge Nova 360 Cabinet
  • Starcharge Titan 180 Premium
Versions: Nova 360 Cabinet <=1.3.0.0.6, Titan 180 Premium <=1.3.0.0.7b102
Operating Systems: Embedded Linux firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default web interface configuration via main.cgi endpoint.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through reading sensitive files like configuration files containing credentials, followed by authentication bypass or remote code execution.

🟠 Likely Case

Unauthorized access to sensitive system files, configuration data, or logs leading to information disclosure and potential privilege escalation.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external exploitation attempts.

🌐 Internet-Facing: HIGH - Web interface accessible from internet with unauthenticated directory traversal vulnerability.
🏢 Internal Only: MEDIUM - Still vulnerable to internal attackers but reduced attack surface compared to internet exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal attacks are well-understood with simple path manipulation techniques. Public GitHub repository contains proof-of-concept details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Nova 360 Cabinet: 1.3.0.0.9, Titan 180 Premium: Beta1.3.0.1.0

Vendor Advisory: http://starcharge.com

Restart Required: Yes

Instructions:

1. Download latest firmware from Starcharge website.
2. Access device web interface.
3. Navigate to firmware update section.
4. Upload and apply new firmware.
5. Reboot device after update completes.

🔧 Temporary Workarounds

Network Access Restriction

linux

Block external access to device web interface using firewall rules

# Drop web traffic from any source outside the management subnet (192.168.1.0/24 is an example)
iptables -A INPUT -p tcp --dport 80 ! -s 192.168.1.0/24 -j DROP
iptables -A INPUT -p tcp --dport 443 ! -s 192.168.1.0/24 -j DROP

Web Server Configuration

all

Add input validation to block directory traversal patterns if custom web server configuration is possible

🧯 If You Can't Patch

  • Isolate affected devices in separate VLAN with strict network segmentation
  • Implement web application firewall (WAF) rules to block directory traversal patterns like ../ and ..\

🔍 How to Verify

Check if Vulnerable:

Attempt to access /main.cgi?page=../../../etc/passwd or similar traversal patterns via web browser or curl

Check Version:

Check firmware version in device web interface under System > About or similar menu

Verify Fix Applied:

After patching, retry directory traversal attempts - should return error or sanitized response

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing ../ or ..\ patterns
  • Access to unusual file paths via main.cgi
  • Multiple failed traversal attempts

Network Indicators:

  • Unusual GET requests to main.cgi with path traversal sequences
  • Traffic spikes to device web interface from external IPs

SIEM Query:

source="web_logs" AND uri="*main.cgi*" AND (uri="*../*" OR uri="*..\\*")
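
The query above matches only literal ../ and ..\ sequences. The following Python is an added example (not part of the original advisory or of any vendor tooling) that applies the same log indicators after percent-decoding, so encoded and double-encoded forms are flagged as well. The combined-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed common/combined access-log layout: client, [timestamp], "request", status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# A ".." segment that starts after "/", "\" or "=" and ends at a separator or end of string.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/=])\.\.(?:[\\/]|$)')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded input normalises."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_requests(lines):
    """Return (client, status, decoded_target) for main.cgi requests with '..' segments."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        decoded = fully_decode(m.group("target"))
        if "main.cgi" in decoded.lower() and TRAVERSAL_RE.search(decoded):
            hits.append((m.group("client"), int(m.group("status")), decoded))
    return hits


# Constructed sample lines using documentation IP ranges, not real device logs.
SAMPLE_LOG = [
    '192.168.1.20 - - [10/Jan/2022:09:00:01 +0000] "GET /main.cgi?page=status HTTP/1.1" 200 812',
    '203.0.113.7 - - [10/Jan/2022:09:02:13 +0000] "GET /main.cgi?page=../../../etc/passwd HTTP/1.1" 200 1432',
    '203.0.113.7 - - [10/Jan/2022:09:02:15 +0000] "GET /main.cgi?page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 0',
    '198.51.100.9 - - [10/Jan/2022:09:05:40 +0000] "GET /main.cgi?page=..%255c..%255cetc%255cpasswd HTTP/1.1" 404 0',
    '192.168.1.20 - - [10/Jan/2022:09:06:00 +0000] "GET /main.cgi?page=v1..2 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, status, target in find_traversal_requests(SAMPLE_LOG):
        print(f"{client} status={status} {target}")
```

A hit with status 200 deserves priority during triage, since it indicates the device returned content for the traversal request rather than rejecting it.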
