Описание
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:intellinet-network:nfc-30ir_firmware:lm.1.6.16.05:*:*:*:*:*:*:*
cpe:2.3:h:intellinet-network:nfc-30ir:-:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.07798
Низкий
4.9 Medium
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 4.9
github
больше 3 лет назад
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.
EPSS
Процентиль: 92%
0.07798
Низкий
4.9 Medium
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-22