CVE-2017-9829
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.
'/cgi-bin/admin/downloadMedias.cgi' del servicio web en la mayoría de las VIVOTEK Network Cameras es vulnerable, lo que permite a un atacante remoto leer cualquier archivo del sistema de ficheros Linux de las cámaras mediante una solicitud HTTP manipulada que contenga secuencias "..". Esta vulnerabilidad ya esta verificada en VIVOTEK Network Camera IB8369/FD8164/FD816BA; muchas de la otras tienen un firmware similar que también puede ser afectado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-06-23 CVE Reserved
- 2017-06-23 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vivotek Search vendor "Vivotek" | Network Camera Ib8369 Firmware Search vendor "Vivotek" for product "Network Camera Ib8369 Firmware" | ib8369-vvtk-0102a Search vendor "Vivotek" for product "Network Camera Ib8369 Firmware" and version "ib8369-vvtk-0102a" | - |
Affected
| in | Vivotek Search vendor "Vivotek" | Network Camera Ib8369 Search vendor "Vivotek" for product "Network Camera Ib8369" | - | - |
Safe
|
| Vivotek Search vendor "Vivotek" | Network Camera Fd8164 Firmware Search vendor "Vivotek" for product "Network Camera Fd8164 Firmware" | fd8164-_vvtk-0200b Search vendor "Vivotek" for product "Network Camera Fd8164 Firmware" and version "fd8164-_vvtk-0200b" | - |
Affected
| in | Vivotek Search vendor "Vivotek" | Network Camera Fd8164 Search vendor "Vivotek" for product "Network Camera Fd8164" | - | - |
Safe
|
| Vivotek Search vendor "Vivotek" | Network Camera Fd816ba Firmware Search vendor "Vivotek" for product "Network Camera Fd816ba Firmware" | fd816ba-vvtk-010101. Search vendor "Vivotek" for product "Network Camera Fd816ba Firmware" and version "fd816ba-vvtk-010101." | - |
Affected
| in | Vivotek Search vendor "Vivotek" | Network Camera Fd816ba Search vendor "Vivotek" for product "Network Camera Fd816ba" | - | - |
Safe
|