Directory Traversal Vulnerability in Viola DVR VIO-4/1000

Software:    Viola DVR VIO-4/1000 (other products may be affected)

Vendor:    http://www.videcon.co.uk/

Vulnerability Type:    Directory Traversal

Remote:    Yes

Local:    No

Discovered:    04 April 2011

Reported:    12 April 2011

Disclosed:    19 April 2011

VULNERABILITY DESCRIPTION:

The scripts ''/cgi-bin/wappwd'' and ''/cgi-bin/wapopen'' are prone to a directory-traversal vulnerability because they fail to properly sanitize user-supplied input in the ''FILEFAIL'' and ''FILECAMERA'' parameters respectively.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.

Authentication is not required to exploit the vulnerability.

PoC Exploit:

/cgi-bin/wappwd?FILEFAIL=../../../etc/passwd

/cgi-bin/wapopen?FILECAMERA=../../../etc/passwd

Recommended Post