CVE-2013-2560 – Foscam < 11.37.2.49 - Directory Traversal

https://notcve.org/view.php?id=CVE-2013-2560

Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials. Vulnerabilidad de salto de directorio en la interfaz web en dispositivos Foscam con firmware anterior a v11.37.2.49 que permite a atacantes remotos leer ficheros a través de .. (punto punto) en la URI, se ha demostrado descubriendo (1) credenciales web o (2) credenciales Wi-Fi. Foscam firmware versions 11.37.2.48 and below suffer from a path traversal vulnerability. • https://www.exploit-db.com/exploits/38356 http://archives.neohapsis.com/archives/bugtraq/2013-03/0080.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •