Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-9829

Опубликовано: 23 июн. 2017
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:vivotek:network_camera_ib8369_firmware:ib8369-vvtk-0102a:*:*:*:*:*:*:*
cpe:2.3:h:vivotek:network_camera_ib8369:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:vivotek:network_camera_fd8164_firmware:fd8164-_vvtk-0200b:*:*:*:*:*:*:*
cpe:2.3:h:vivotek:network_camera_fd8164:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:vivotek:network_camera_fd816ba_firmware:fd816ba-vvtk-010101.:*:*:*:*:*:*:*
cpe:2.3:h:vivotek:network_camera_fd816ba:-:*:*:*:*:*:*:*

EPSS

Процентиль: 90%
0.05926
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

github логотип

GHSA-wq34-m4x9-8pmg

CVSS3: 7.5
github
больше 3 лет назад

'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.

EPSS

Процентиль: 90%
0.05926
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22