Chance-i DiViS DVR System Web-server Directory Traversal Vulnerability

ID SSV:10963
Type seebug
Reporter Root
Modified 2009-04-11T00:00:00


No description provided by source.

                                                Digital Security Research Group [DSecRG] Advisory       #DSECRG-09-036

original advisory:

Application:                Chance-i DiViS DVR System web-server
Versions Affected:          2.0
Vendor URL:       
Bug:                        Directory Traversal File Download
Exploits:                   YES
Reported:                   13.03.2009
Second Reported:            20.03.2009
Solution:                   NONE
Date of Public Advisory:    09.04.2009
Author:                     Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)


DiViS DVR System web-server which fingerprints as Techno Vision Security System has Directory Traversal vulnerability.


Directory traversal vulnerability find in DiViS DVR System web-server.

Successfully exploiting these issues allows remote attackers to access the contents of arbitrary files.




We did not get any response from vendor for more than 2 weeks.

No patches aviable.


Digital Security is leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards.
Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.

Contact:    research [at] dsecrg [dot] com