First published: Fri Jun 23 2017
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Vivotek Network Camera IB8369 | =ib8369-vvtk-0102a | |
Vivotek Network Camera IB8369 | | |
Vivotek Network Camera FD8164 Firmware | =fd8164-_vvtk-0200b | |
Vivotek Network Camera FD8164 Firmware | | |
Vivotek FD816BA Firmware | =fd816ba-vvtk-010101. | |
Vivotek FD816BA Firmware | | |
CVE-2017-9829 has been classified with a high severity due to its potential for remote exploitation and filesystem access.
To fix CVE-2017-9829, update the VIVOTEK network cameras to the latest firmware provided by the manufacturer.
CVE-2017-9829 facilitates remote file reading attacks via crafted HTTP requests.
Affected models include the VIVOTEK Network Camera IB8369, FD8164, and FD816BA with specific vulnerable firmware versions.
CVE-2017-9829 allows attackers to read sensitive files from the Linux filesystem of the affected cameras.
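
A defender-side check for the request pattern described above, as an added example that is not part of the original advisory: it scans web or reverse-proxy access logs for requests to `downloadMedias.cgi` whose percent-decoded target contains a `..` sequence. The combined log format, the query key `x` and `PLACEHOLDER_FILE` are assumptions made for illustration; the advisory does not name the request parameter.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/cgi-bin/admin/downloadmedias.cgi"  # compared case-insensitively
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
DOTDOT_RE = re.compile(r"\.\./|/\.\.")

# Constructed sample log lines (combined log format, documentation IP ranges).
# The query key "x" and PLACEHOLDER_FILE are placeholders, not advisory values.
SAMPLE_LOG = [
    '192.0.2.10 - admin [23/Jun/2017:10:00:01 +0000] '
    '"GET /cgi-bin/admin/downloadMedias.cgi?x=clip01.mp4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Jun/2017:10:02:13 +0000] '
    '"GET /cgi-bin/admin/downloadMedias.cgi?x=../../../../PLACEHOLDER_FILE HTTP/1.1" 200 812',
    '203.0.113.44 - - [23/Jun/2017:10:02:40 +0000] '
    '"GET /cgi-bin/admin/downloadMedias.cgi?x=%252e%252e%252fPLACEHOLDER_FILE HTTP/1.1" 200 812',
    '203.0.113.5 - - [23/Jun/2017:10:03:02 +0000] '
    '"GET /index.html?next=../help HTTP/1.1" 200 100',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_requests(lines):
    """Return (client, decoded_target) for requests to ENDPOINT containing '..'."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        target = fully_decode(match.group("target"))
        if ENDPOINT in target.lower() and DOTDOT_RE.search(target):
            hits.append((line.split()[0], target))
    return hits


if __name__ == "__main__":
    for client, target in find_traversal_requests(SAMPLE_LOG):
        print(f"ALERT {client} -> {target}")
```

Access logs record only the request line, so a `..` sequence carried in a request body would not be visible to this check.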