CVE-2015-2166

NUCLEI

Ericsson Drutt Mobile Service Delivery Platform - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.

Exploits (2)

exploitdb WRITEUP

by Anastasios Monachos · textwebappslinux

https://www.exploit-db.com/exploits/36619

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by K3ysTr0K3R · poc

https://github.com/K3ysTr0K3R/CVE-2015-2166-EXPLOIT

View Code ZIP pw:eip

Nuclei Templates (1)

Ericsson Drutt MSDP - Local File Inclusion

MEDIUMby daffainfo

References (3)

[Exploit] http://packetstormsecurity.com/files/131233/Ericsson-Drutt-MSDP-Instance-Monitor-Directory-Traversal-File-Access.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/73901

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/36619/

Scores

EPSS 0.7360

EPSS Percentile 98.8%

Details

CWE

CWE-22

Status published

Products (3)

ericsson/drutt_mobile_service_delivery_platform 4.0

ericsson/drutt_mobile_service_delivery_platform 5.0

ericsson/drutt_mobile_service_delivery_platform 6.0

Published Apr 06, 2015

Tracked Since Feb 18, 2026