First published: Fri Mar 15 2013
Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foscam Fi8919w Firmware | <=firmware_11.37.2.47 | |
CVE-2013-2560 is considered to have a moderate severity due to its potential for remote exploitation.
To fix CVE-2013-2560, upgrade the firmware of Foscam devices to version 11.37.2.49 or later.
CVE-2013-2560 affects Foscam devices, specifically the Fi8919w model running firmware prior to version 11.37.2.49.
Yes, CVE-2013-2560 can allow attackers to read arbitrary files, potentially exposing sensitive information such as web and Wi-Fi credentials.
A directory traversal vulnerability, as seen in CVE-2013-2560, allows attackers to navigate the file system and access files outside of the intended directory.