Vulnerability Description
Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Acti | Network Video Recorder | sp2_2.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/38386
- http://osvdb.org/38387
- http://secunia.com/advisories/26622
- http://www.securityfocus.com/bid/25465
- http://www.vupen.com/english/advisories/2007/2993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36303
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36304
- https://www.exploit-db.com/exploits/4323
- https://www.exploit-db.com/exploits/4324
- http://osvdb.org/38386
- http://osvdb.org/38387
- http://secunia.com/advisories/26622
- http://www.securityfocus.com/bid/25465
- http://www.vupen.com/english/advisories/2007/2993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36303
FAQ
What is CVE-2007-4583?
CVE-2007-4583 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create ...
How severe is CVE-2007-4583?
CVE-2007-4583 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4583?
Check the references section above for vendor advisories and patch information. Affected products include: Acti Network Video Recorder.