CVE-2013-3541 – Airlive IP Cameras - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2013-3541

Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. (dot dot) in the READ.filePath parameter. Vulnerabilidad de salto de directorio en cgi-bin/admin/fileread en AirLive WL2600CAM y posiblemente otros modelos de cámara permite a atacantes remotos leer archivos arbitrarios a través de .. (punto punto) en el parámetro READ.filePath. Airlive IP cameras suffers from information disclosure, clear text storage of sensitive information, cross site request forgery, denial of service, and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/26174 http://seclists.org/fulldisclosure/2013/Jun/84 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •