HIGH · 7.5

CVE-2017-9829


Vulnerability Description

'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.

CVSS Score

7.5 (HIGH)

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Vivotek | Network Camera Ib8369 Firmware | ib8369-vvtk-0102a
Vivotek | Network Camera Ib8369 | -
Vivotek | Network Camera Fd8164 Firmware | fd8164-_vvtk-0200b
Vivotek | Network Camera Fd8164 | -
Vivotek | Network Camera Fd816Ba Firmware | fd816ba-vvtk-010101.
Vivotek | Network Camera Fd816Ba | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2017-9829?

CVE-2017-9829 is a vulnerability with a CVSS score of 7.5 (HIGH). '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences.

How severe is CVE-2017-9829?

CVE-2017-9829 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2017-9829?

Check the references section above for vendor advisories and patch information. Affected products include: Vivotek Network Camera Ib8369 Firmware, Vivotek Network Camera Ib8369, Vivotek Network Camera Fd8164 Firmware, Vivotek Network Camera Fd8164, Vivotek Network Camera Fd816Ba Firmware.