PT-2017-19203 · Vivotek · Vivotek Network Cameras

Published

2017-06-23

Updated

2017-07-05

CVE-2017-9829

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions VIVOTEK Network Cameras (affected versions not specified)

Description The /cgi-bin/admin/downloadMedias.cgi API endpoint of the web service in VIVOTEK Network Cameras is vulnerable, allowing remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing .. sequences. This issue has been verified on VIVOTEK Network Camera models IB8369, FD8164, and FD816BA, and other models with similar firmware may also be affected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2017-9829

Affected Products

Vivotek Network Cameras

PT-2017-19203 · Vivotek · Vivotek Network Cameras

CVE-2017-9829

Weakness Enumeration

Related Identifiers

Affected Products

References · 3