Vulnerability CVE-2019-13408


Published: 2019-08-28   Modified: 2019-08-29

Description:
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication.

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Geovision -> Gv-vd8700 firmware 
Geovision -> Gv-vr360 firmware 
Androvideo -> Vd 1 firmware 

 References:
http://surl.twcert.org.tw/2bvXq
https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md
https://tvn.twcert.org.tw/taiwanvn/TVN-201906009

Copyright 2024, cxsecurity.com

 

Back to Top