Lucene search

MitreCVE-2011-4716

HistoryDec 08, 2011 - 7:55 p.m.

CVE-2011-4716

2011-12-0819:55:08

CWE-22

mitre

web.nvd.nist.gov

cve-2011-4716

dreambox dm800

directory traversal

file parameter

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.005

Percentile

77.5%

JSON

Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter.

Affected configurations

Nvd

Node

dream-multimedia-tvdreambox_dm800_hd_se_firmwareRange≤1.6rc3

dream-multimedia-tvdreambox_dm800_hd_se_firmwareMatch1.5rc1

AND

dream-multimedia-tvdreambox_dm800_hd_seMatch-

Node

dream-multimedia-tvdreambox_dm800_hd_pvr_firmwareMatch1.5rc1

dream-multimedia-tvdreambox_dm800_hd_pvr_firmwareMatch1.6rc3

AND

dream-multimedia-tvdreambox_dm800_hd_pvrMatch-

VendorProductVersionCPE
dream-multimedia-tvdreambox_dm800_hd_se_firmware*cpe:2.3:a:dream-multimedia-tv:dreambox_dm800_hd_se_firmware:*:rc3:*:*:*:*:*:*
dream-multimedia-tvdreambox_dm800_hd_se_firmware1.5cpe:2.3:a:dream-multimedia-tv:dreambox_dm800_hd_se_firmware:1.5:rc1:*:*:*:*:*:*
dream-multimedia-tvdreambox_dm800_hd_se-cpe:2.3:h:dream-multimedia-tv:dreambox_dm800_hd_se:-:*:*:*:*:*:*:*
dream-multimedia-tvdreambox_dm800_hd_pvr_firmware1.5cpe:2.3:a:dream-multimedia-tv:dreambox_dm800_hd_pvr_firmware:1.5:rc1:*:*:*:*:*:*
dream-multimedia-tvdreambox_dm800_hd_pvr_firmware1.6cpe:2.3:a:dream-multimedia-tv:dreambox_dm800_hd_pvr_firmware:1.6:rc3:*:*:*:*:*:*
dream-multimedia-tvdreambox_dm800_hd_pvr-cpe:2.3:h:dream-multimedia-tv:dreambox_dm800_hd_pvr:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dream-multimedia-tv	dreambox_dm800_hd_se_firmware	*	cpe:2.3:a:dream-multimedia-tv:dreambox_dm800_hd_se_firmware::rc3::::::*
dream-multimedia-tv	dreambox_dm800_hd_se_firmware	1.5	cpe:2.3:a:dream-multimedia-tv:dreambox_dm800_hd_se_firmware:1.5:rc1::::::
dream-multimedia-tv	dreambox_dm800_hd_se	-	cpe:2.3:h:dream-multimedia-tv:dreambox_dm800_hd_se:-:::::::*
dream-multimedia-tv	dreambox_dm800_hd_pvr_firmware	1.5	cpe:2.3:a:dream-multimedia-tv:dreambox_dm800_hd_pvr_firmware:1.5:rc1::::::
dream-multimedia-tv	dreambox_dm800_hd_pvr_firmware	1.6	cpe:2.3:a:dream-multimedia-tv:dreambox_dm800_hd_pvr_firmware:1.6:rc3::::::
dream-multimedia-tv	dreambox_dm800_hd_pvr	-	cpe:2.3:h:dream-multimedia-tv:dreambox_dm800_hd_pvr:-:::::::*

References

www.exploit-db.com/exploits/18079

www.securityfocus.com/bid/50520

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.005

Percentile

77.5%

JSON

Related for CVE-2011-4716