Details of VAR-200607-0487

ID

VAR-200607-0487

CVE

CVE-2006-3604

TITLE

FlexWATCH Network Camera Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2006-002762

DESCRIPTION

Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to bypass access restrictions for (1) admin/aindex.asp or (2) admin/aindex.html via a .. (dot dot) and encoded / (%2f) sequence in the URL. FlexWatch is prone to an authorization-bypass vulnerability. This issue is due to a failure in the application to properly verify user-supplied input. An attacker can exploit this issue to bypass the authorization mechanism. This allows the attacker to gain unauthorized access to the surveillance system. Versions 3.0 and prior are affected. ---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Reversing must be a passion as your skills will be challenged on a daily basis and you will be working several hours everyday in IDA, Ollydbg, and with BinDiff. Often, it is also required that you write a PoC or even a working exploit to prove that an issue is exploitable. 1) Input passed via the URL isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Filter malicious characters and character sequences in a proxy server or firewall with URL filtering capabilities. PROVIDED AND/OR DISCOVERED BY: Jaime Blasco ORIGINAL ADVISORY: Digital Armaments: http://www.digitalarmaments.com/2006300687985463.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-3604 // JVNDB: JVNDB-2006-002762 // BID: 18948 // VULHUB: VHN-19712 // PACKETSTORM: 48144

AFFECTED PRODUCTS

vendor:	seyeon	model:	flexwatch network camera	scope:	lte	version:	3.0	Trust: 1.8
vendor:	seyeon	model:	flexwatch network camera	scope:	eq	version:	3.0	Trust: 0.9

sources: BID: 18948 // JVNDB: JVNDB-2006-002762 // CNNVD: CNNVD-200607-244 // NVD: CVE-2006-3604

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-3604
value:	HIGH
Trust: 1.0
NVD:	CVE-2006-3604
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200607-244
value:	HIGH
Trust: 0.6
VULHUB:	VHN-19712
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-3604
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-19712
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-19712 // JVNDB: JVNDB-2006-002762 // CNNVD: CNNVD-200607-244 // NVD: CVE-2006-3604

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3604

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200607-244

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200607-244

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002762

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-19712

EXTERNAL IDS

db:	NVD	id:	CVE-2006-3604	Trust: 2.5
db:	BID	id:	18948	Trust: 2.0
db:	SECUNIA	id:	20994	Trust: 1.8
db:	JVNDB	id:	JVNDB-2006-002762	Trust: 0.8
db:	CNNVD	id:	CNNVD-200607-244	Trust: 0.7
db:	BUGTRAQ	id:	20061103 RE: DIGITAL ARMAMENTS SECURITY ADVISORY 10.07.2006: FLEXWATH AUTHORIZATION BYPASSING AND XSS VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20060721 RE: DIGITAL ARMAMENTS SECURITY ADVISORY 10.07.2006: FLEXWATH AUTHORIZATION BYPASSING AND XSS VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20060710 DIGITAL ARMAMENTS SECURITY ADVISORY 10.07.2006: FLEXWATH AUTHORIZATION BYPASSING AND XSS VULNERABILITY	Trust: 0.6
db:	XF	id:	27656	Trust: 0.6
db:	SEEBUG	id:	SSVID-81785	Trust: 0.1
db:	EXPLOIT-DB	id:	28208	Trust: 0.1
db:	VULHUB	id:	VHN-19712	Trust: 0.1
db:	PACKETSTORM	id:	48144	Trust: 0.1

sources: VULHUB: VHN-19712 // BID: 18948 // JVNDB: JVNDB-2006-002762 // PACKETSTORM: 48144 // CNNVD: CNNVD-200607-244 // NVD: CVE-2006-3604

REFERENCES

url:	http://www.digitalarmaments.com/2006300687985463.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/18948	Trust: 1.7
url:	http://secunia.com/advisories/20994	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/439648/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/440893/100/100/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/450478/100/0/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/27656	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3604	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3604	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/27656	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/439648/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/450478/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/440893/100/100/threaded	Trust: 0.6
url:	http://www.flexwatch.com/	Trust: 0.3
url:	/archive/1/439648	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/10980/	Trust: 0.1
url:	http://[host]/[code]	Trust: 0.1
url:	http://secunia.com/advisories/20994/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-19712 // BID: 18948 // JVNDB: JVNDB-2006-002762 // PACKETSTORM: 48144 // CNNVD: CNNVD-200607-244 // NVD: CVE-2006-3604

CREDITS

Jaime Blasco is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 18948 // CNNVD: CNNVD-200607-244

SOURCES

db:	VULHUB	id:	VHN-19712
db:	BID	id:	18948
db:	JVNDB	id:	JVNDB-2006-002762
db:	PACKETSTORM	id:	48144
db:	CNNVD	id:	CNNVD-200607-244
db:	NVD	id:	CVE-2006-3604

LAST UPDATE DATE

2025-04-03T22:16:14.053000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-19712	date:	2018-10-18T00:00:00
db:	BID	id:	18948	date:	2006-07-13T21:33:00
db:	JVNDB	id:	JVNDB-2006-002762	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200607-244	date:	2006-07-19T00:00:00
db:	NVD	id:	CVE-2006-3604	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-19712	date:	2006-07-18T00:00:00
db:	BID	id:	18948	date:	2006-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2006-002762	date:	2012-12-20T00:00:00
db:	PACKETSTORM	id:	48144	date:	2006-07-12T07:20:23
db:	CNNVD	id:	CNNVD-200607-244	date:	2006-07-18T00:00:00
db:	NVD	id:	CVE-2006-3604	date:	2006-07-18T15:37:00