TrackerCam 5.12 and previous versions allows remote malicious users to read log files via the fn parameter in a direct request to the ComGetLogFile.php3 script.
trackercam trackercam