Strix
26.1K

CVE-2017-9829

Unknown

Last modified

CVE-2017-9829 is a vulnerability of currently unknown severity. '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected..

Description

'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.

Weakness Enumeration

Affected Software

VendorProductVersions
VivotekNetwork Camera Ib8369 Firmwareib8369-vvtk-0102a
VivotekNetwork Camera Fd8164 Firmwarefd8164-_vvtk-0200b
VivotekNetwork Camera Fd816ba Firmwarefd816ba-vvtk-010101.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-9829?
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.
How severe is CVE-2017-9829?
Severity scoring for CVE-2017-9829 is pending analysis.
How do I fix CVE-2017-9829?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-9829?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST