5 matches found
AppearTV XC5000 and XC5100 File Read Vulnerability
The AppearTV XC5000 and XC5100 are both versatile, carrier-grade broadcast devices from AppearTV Norway. A security vulnerability exists in the AppearTV XC5000 and XC5100 using firmware version 3.26.217. An attacker could send a specially crafted HTTP request to a web server running Maintenance...
Design/Logic Flaw
On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request such as GET /../../../../../../../../../../../../etc/passwd to the web server fuzzd/0.1.1 running the Maintenance Center on port TCP/8088. This can lead to full...
CVE-2018-7539
On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request such as GET /../../../../../../../../../../../../etc/passwd to the web server fuzzd/0.1.1 running the Maintenance Center on port TCP/8088. This can lead to full...
CVE-2018-7539
On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request such as GET /../../../../../../../../../../../../etc/passwd to the web server fuzzd/0.1.1 running the Maintenance Center on port TCP/8088. This can lead to full...
CVE-2018-7539
CVE-2018-7539 affects Appear TV XC5000 and XC5100 devices running firmware 3.26.217. The web server (fuzzd/0.1.1) in Maintenance Center on port 8088 is vulnerable to a directory-traversal attack using crafted URLs (e.g., GET /../../../../../../../../../../../../etc/passwd), allowing an attacker t...