Описание
Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, and its final firmware version has this vulnerability (4.x versions exist only for other Genie Access products).
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0 (включая)
Одновременно
cpe:2.3:o:genieaccess:wip3bvaf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:genieaccess:wip3bvaf:-:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.61225
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, and its final firmware version has this vulnerability (4.x versions exist only for other Genie Access products).
EPSS
Процентиль: 98%
0.61225
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22