CVE-2018-15745

Опубликовано: 30 авг. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Критический

Описание

Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.

Ссылки

http://hyp3rlinx.altervista.org/advisories/ARGUS-SURVEILLANCE-DVR-v4-UNAUTHENTICATED-PATH-TRAVERSAL-FILE-DISCLOSURE.txt
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/149134/Argus-Surveillance-DVR-4.0.0.0-Directory-Traversal.html
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45296/
Third Party Advisory
VDB Entry
http://hyp3rlinx.altervista.org/advisories/ARGUS-SURVEILLANCE-DVR-v4-UNAUTHENTICATED-PATH-TRAVERSAL-FILE-DISCLOSURE.txt
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/149134/Argus-Surveillance-DVR-4.0.0.0-Directory-Traversal.html
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45296/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:argussurveillance:dvr:4.0.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.91321

Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-97qm-v4fq-fxw5