Published: 08/12/2011 Updated: 22/08/2013

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 515

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and previous versions allows remote malicious users to read arbitrary files via the file parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dream-multimedia-tv dreambox_dm800_hd_se_firmware
dream-multimedia-tv dreambox_dm800_hd_se_firmware 1.5
dream-multimedia-tv dreambox_dm800_hd_se -
dream-multimedia-tv dreambox_dm800_hd_pvr_firmware 1.5
dream-multimedia-tv dreambox_dm800_hd_pvr_firmware 1.6
dream-multimedia-tv dreambox_dm800_hd_pvr -

# Exploit Title: [title] # Date: [date] # Author: [ShellVision] # Version: [dm800 <= 16rc3] # Tested on: [dm800 Release 460 2009-12-24] DreamBox DM800 Arbitrary File Download Vulnerability Vendor: Dream Multimedia GmbH Product web page: wwwdream-multimedia-tvde Affected version: DM800 (may affect others version) Summary: The ...

source: wwwsecurityfocuscom/bid/50520/info DreamBox DM800 is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application This m ...

#!/usr/bin/perl # DreamBox DM800 <= 15rc1 Remote File Disclosure Exploit # # Author: Todor Donev # Email: todordonev@@gmailcom # Type: Hardware # Vuln Type: Remote ##### # Product summary: DreamBox DM800 is Powerful receiver # for digital TV and Radio programs based on Linux # Product web page: wwwdream-multimedia-tvde #### ...

CWE-22 http://www.securityfocus.com/bid/50520 http://www.exploit-db.com/exploits/18079 https://nvd.nist.gov https://www.exploit-db.com/exploits/17422/

CVE-2011-4716

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect