CVE-2017-7461

Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.
References
Link Resource
https://www.exploit-db.com/exploits/41829/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:intellinet-network:nfc-30ir_firmware:lm.1.6.16.05:*:*:*:*:*:*:*
cpe:2.3:h:intellinet-network:nfc-30ir:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-04-11 15:59

Updated : 2024-02-28 15:44


NVD link : CVE-2017-7461

Mitre link : CVE-2017-7461

CVE.ORG link : CVE-2017-7461


JSON object : View

Products Affected

intellinet-network

  • nfc-30ir_firmware
  • nfc-30ir
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')