AVTECH monitoring products information disclosure vulnerability

ID SSV:92491
Type seebug
Reporter Root
Modified 2016-10-25T00:00:00


Due to/cgi-bin/nobody directory of the CGI script file run permissions set unreasonable, resulting in not certified the case directly to run this type of vulnerability has been in the plurality of devices appears, FEI news K1 is because the cgi file to perform the access restrictions unreasonable, can lead to direct access to the router all the configuration information. Attack link example: http://<device_ip>/cgi-bin/nobody/Machine. cgi? action=get_capability Gets the camera device information.