Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/41829/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2017-04-11 15:59
Updated : 2024-02-28 15:44
NVD link : CVE-2017-7461
Mitre link : CVE-2017-7461
CVE.ORG link : CVE-2017-7461
JSON object : View
Products Affected
intellinet-network
- nfc-30ir_firmware
- nfc-30ir
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')