PT-2018-13177 · Argus · Argus Surveillance Dvr

Hyp3Rlinx

Published

2018-08-30

Updated

2018-12-07

CVE-2018-15745

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Argus Surveillance DVR version 4.0.0.0

Description The issue allows unauthenticated directory traversal, resulting in file disclosure. This is achieved by using a ..%2F in the RESULTPAGE parameter of the "WEBACCOUNT.CGI" endpoint.

Recommendations For Argus Surveillance DVR version 4.0.0.0, avoid using the RESULTPAGE parameter in the WEBACCOUNT.CGI endpoint until the issue is resolved. Consider restricting access to the WEBACCOUNT.CGI endpoint to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2018-15745

Affected Products

Argus Surveillance Dvr

PT-2018-13177 · Argus · Argus Surveillance Dvr

CVE-2018-15745

Weakness Enumeration

Related Identifiers

Affected Products

References · 5