AVTECH monitoring products information disclosure vulnerability

2016-10-25T00:00:00
ID SSV:92491
Type seebug
Reporter Root
Modified 2016-10-25T00:00:00

Description

Due to/cgi-bin/nobody directory of the CGI script file run permissions set unreasonable, resulting in not certified the case directly to run this type of vulnerability has been in the plurality of devices appears, FEI news K1 is because the cgi file to perform the access restrictions unreasonable, can lead to direct access to the router all the configuration information. Attack link example: http://<device_ip>/cgi-bin/nobody/Machine. cgi? action=get_capability Gets the camera device information.