CVE-2017-9829

Name of the Vulnerable Software and Affected Versions VIVOTEK Network Cameras (affected versions not specified)

Description The /cgi-bin/admin/downloadMedias.cgi API endpoint of the web service in VIVOTEK Network Cameras is vulnerable, allowing remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing .. sequences. This issue has been verified on VIVOTEK Network Camera models IB8369, FD8164, and FD816BA, and other models with similar firmware may also be affected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.