CVE-2019-12971
Description
BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated upload via SMB in BKS EBK Ethernet-Buskoppler Pro <3.01 allows remote code execution through web shell.
Vulnerability
BKS EBK Ethernet-Buskoppler Pro versions prior to 3.01 contain an unrestricted file upload vulnerability (CWE-434). An unauthenticated attacker can connect to the appliance via SMB and overwrite files in the web root directory, such as existing PHP scripts. This vulnerability affects only appliances based on Raspberry Pi 3, introduced during an upgrade from Raspberry Pi 2 to 3 [1].
Exploitation
An attacker needs network access to the appliance and any SMB client (e.g., smbclient, Nautilus, Windows Explorer). The attacker connects to the SMB share and replaces or modifies a PHP file (e.g., index.php) with a malicious version containing a web shell. The attacker can then access the modified script via the web server on TCP port 443 and execute arbitrary commands in the context of the www-data user [1].
Impact
Successful exploitation allows remote code execution with the privileges of the www-data user. The attacker can read, modify, or delete files accessible to that user, potentially compromising the locking system gateway and the connected network [1].
Mitigation
BKS GmbH released firmware version 3.01 on June 14, 2019, which fixes the vulnerability. Users should update to version 3.01 or later. No workaround is described in the advisory [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- BKS/EBK Ethernet-Buskoppler Prodescription
- Range: <3.01
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Unrestricted file upload via unauthenticated Samba share allows overwriting PHP files in the web root."
Attack vector
An unauthenticated attacker on the same IP network as the appliance connects to the Samba share using any SMB client (e.g., smbclient, Windows Explorer). The attacker overwrites an existing PHP file in the web root directory with a web shell payload. The attacker then accesses the modified script via the HTTPS server on TCP port 443, supplying command parameters to achieve remote code execution in the context of the `www-data` user [ref_id=1].
Affected code
The vulnerability exists in the Samba file-sharing service exposed by the BKS EBK Ethernet-Buskoppler Pro appliance (versions before 3.01). The web root directory (e.g., `/webinterface/`) is writable via SMB, allowing an unauthenticated attacker to overwrite PHP files such as `index.php` [ref_id=1].
What the fix does
The advisory states that BKS released firmware version 3.01 (via updater version 1.2.1.2) which fixes the vulnerability [ref_id=1]. No patch diff is provided in the bundle, so the exact code changes are unknown; the fix presumably restricts write access to the web root via Samba or removes the unauthenticated upload functionality entirely.
Preconditions
- networkThe attacker must have network access to the Samba share exposed by the appliance
- authNo authentication is required to connect to the Samba share
- configOnly appliances based on Raspberry Pi 3 are affected
Reproduction
The advisory provides a proof-of-concept: connect via SMB (e.g., `smb://
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- seclists.org/bugtraq/2019/Jul/6mitrex_refsource_MISC
- www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-017.txtmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.