Published: 15/03/2013 Updated: 20/03/2013

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 785

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Directory traversal vulnerability in the web interface on Foscam devices with firmware prior to 11.37.2.49 allows remote malicious users to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.

Vulnerable Product	Search on Vulmon	Subscribe to Product
foscam fi8919w

source: wwwsecurityfocuscom/bid/58290/info Foscam is prone to a directory-traversal vulnerability Remote attackers can use specially crafted requests with directory-traversal sequences ('/') to retrieve arbitrary files in the context of the application This may aid in further attacks GET ///proc/kcore HTTP/10 ...

|_ / | | | / | | | | | |_ | | | | | || | | || | | | ) | | | | | || || _ | ||/| || |_|| || | | || | () ___ __ | | | | | | __ _ | | () __ __ _ | | | _| ' | |/ __/ | | | |_| |/ _ |/ | |/ / | ' \ / ` | | || || | | | | (| (| | | | _ | (| | (| <| | | | | (_| | ||_|| |||__,|| || ||_,_|_||__|| ||_, | |__/ Date 04-12-2014 for the ISITECH Etical Hacki

CWE-22 http://archives.neohapsis.com/archives/bugtraq/2013-03/0080.html https://nvd.nist.gov https://github.com/on4r4p/foscamPoc https://www.exploit-db.com/exploits/38356/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-2560

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect