Published: 17/11/2010 Updated: 10/10/2018

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 785

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote malicious users to read arbitrary files via a .. (dot dot) in the URI.

Vulnerable Product	Search on Vulmon	Subscribe to Product
camtron cmnc-200_firmware 1.102a-008
camtron cmnc-200
tecvoz cmnc-200_firmware 1.102a-008
tecvoz cmnc-200

Finding 2: Directory Traversal in Camera Web Server CVE: CVE-2010-4231 The CMNC-200 IP Camera has a built-in web server that is enabled by default The server is vulnerable to directory transversal attacks, allowing access to any file on the camera file system The following example will display the contents of /etc/passwd: GET ////// ...

The Camtron CMNC-200 IP Camera suffers from buffer overflow, administrative bypass, default account and directory traversal vulnerabilities ...

A PoC exploit for CVE-2010-4231 - Directory Traversal Vulnerability in Camtron and TecVoz IP Cameras.

CVE-2010-4231 - Directory Traversal Vulnerability in Camtron and TecVoz IP Cameras CVE-2010-4231 is a directory traversal vulnerability that exists in the web-based administration interface of the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera The vulnerability allows remote attackers to read arbitrary files by exploiting a "" (dot dot)

CWE-22 http://www.exploit-db.com/exploits/15505/https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt http://www.securityfocus.com/archive/1/514753/100/0/threaded https://nvd.nist.gov https://github.com/K3ysTr0K3R/CVE-2010-4231-EXPLOIT https://www.exploit-db.com/exploits/15505/

CVE-2010-4231

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect