ID
VAR-201610-0710
TITLE
File download vulnerability exists in AVTECH device
Trust: 0.6
sources:
CNVD: CNVD-2016-08738
DESCRIPTION
AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. There is a file download vulnerability in AVTECH devices. Since the stream file request verified by the streamdweb server searches for the \".cab\" string through the strstr function in the URL, the unauthenticated attacker exploits the vulnerability to download any file including the cgi script on the webroot, which constitutes a sensitive information leak.
Trust: 0.6
sources:
CNVD: CNVD-2016-08738
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08738
AFFECTED PRODUCTS
| vendor: | avtech | model: | dvr | scope: | - | version: | - | Trust: 0.6 |
| vendor: | avtech | model: | nvr | scope: | - | version: | - | Trust: 0.6 |
| vendor: | avtech | model: | ip camera | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08738
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2016-08738
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2016-08738 | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08738
REFERENCES
| url: | http://seclists.org/bugtraq/2016/oct/26 | Trust: 0.6 |
| url: | http://www.search-lab.hu/advisories/126-avtech-devices-multiple-vulnerabilities | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08738
SOURCES
| db: | CNVD | id: | CNVD-2016-08738 |
LAST UPDATE DATE
2022-05-04T09:34:28.904000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-08738 | date: | 2016-10-13T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-08738 | date: | 2016-10-13T00:00:00 |