Viola DR VIO-4/1000 Directory Traversal

2011-04-20T00:00:00
ID PACKETSTORM:100620
Type packetstorm
Reporter Demetris Papapetrou
Modified 2011-04-20T00:00:00

Description

                                        
                                            `==============================================================  
Viola DVR VIO-4/1000 - Directory Traversal Vulnerability  
==============================================================  
  
Software: Viola DVR VIO-4/1000 (other products may be affected)  
Vendor: http://www.videcon.co.uk/  
Vuln Type: Directory Traversal  
Remote: Yes  
Local: No  
Discovered by: QSecure and Demetris Papapetrou  
Website: http://www.qsecure.com.cy  
Discovered: 04/04/2011  
Reported: 12/04/2011  
Disclosed: 19/04/2011  
Vendor's Response: None  
Vulnerability Reference: http://www.qsecure.com.cy/advisories/dir_traversal_in_viola_dvr.html  
  
VULNERABILITY DESCRIPTION:  
==========================  
The scripts "/cgi-bin/wappwd" and "/cgi-bin/wapopen" are prone to a directory-traversal vulnerability because they fail to properly sanitize user-supplied input in the "FILEFAIL" and "FILECAMERA" parameters respectively.  
  
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.  
  
Authentication is not required to exploit the vulnerability.  
  
PoC Exploit:  
============  
/cgi-bin/wappwd?FILEFAIL=../../../etc/passwd  
/cgi-bin/wapopen?FILECAMERA=../../../etc/passwd  
`