Path Traversal in Neutron IP Camera

Summary

CVE	CVE-2023-6118
State	PUBLISHED
Assigner	TR-CERT
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-11-23 15:15:10 UTC
Updated	2024-11-21 08:43:09 UTC
Description	Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal. This issue affects IP Camera: before b1130.1.0.1.

Risk And Classification

Primary CVSS: v3.1 7.5 HIGH from [email protected]

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001050000 probability, percentile 0.280930000 (date 2026-05-27)

Problem Types: CWE-25 | CWE-22 | CWE-25 CWE-25 Path Traversal: '/../filedir'

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Secondary	7.5	HIGH	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`
3.1	CNA	CVSS	7.5	HIGH	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`

CVSS v3.1 Breakdown

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Neutron	Ipc2224-sr3-npf-36	-	All	All	All
Operating System	Neutron	Ipc2224-sr3-npf-36 Firmware	All	All	All	All
Hardware	Neutron	Ipc2624-sr3-npf-36	-	All	All	All
Operating System	Neutron	Ipc2624-sr3-npf-36 Firmware	All	All	All	All
Hardware	Neutron	Neu-ipb210-28	-	All	All	All
Operating System	Neutron	Neu-ipb210-28 Firmware	All	All	All	All
Hardware	Neutron	Neu-ipb410-28	-	All	All	All
Operating System	Neutron	Neu-ipb410-28 Firmware	All	All	All	All
Hardware	Neutron	Neu-ipbm211	-	All	All	All
Operating System	Neutron	Neu-ipbm211 Firmware	All	All	All	All
Hardware	Neutron	Neu-ipbm411	-	All	All	All
Operating System	Neutron	Neu-ipbm411 Firmware	All	All	All	All
Hardware	Neutron	Neu-ipd220-28	-	All	All	All
Operating System	Neutron	Neu-ipd220-28 Firmware	All	All	All	All
Hardware	Neutron	Neu-ipdm221	-	All	All	All
Operating System	Neutron	Neu-ipdm221 Firmware	All	All	All	All
Hardware	Neutron	Neu-ipdm421	-	All	All	All
Operating System	Neutron	Neu-ipdm421 Firmware	All	All	All	All
Hardware	Neutron	Ntl-bc-01w	-	All	All	All
Operating System	Neutron	Ntl-bc-01w Firmware	All	All	All	All
Hardware	Neutron	Ntl-bc-03-snm	-	All	All	All
Operating System	Neutron	Ntl-bc-03-snm Firmware	All	All	All	All
Hardware	Neutron	Ntl-bc-03-snp	-	All	All	All
Operating System	Neutron	Ntl-bc-03-snp Firmware	All	All	All	All
Hardware	Neutron	Ntl-bc01-m	-	All	All	All
Operating System	Neutron	Ntl-bc01-m Firmware	All	All	All	All
Hardware	Neutron	Ntl-ip05-3mp	-	All	All	All
Operating System	Neutron	Ntl-ip05-3mp Firmware	All	All	All	All
Hardware	Neutron	Ntl-pt-06wod-3mp	-	All	All	All
Operating System	Neutron	Ntl-pt-06wod-3mp Firmware	All	All	All	All
Hardware	Neutron	Ntl-pt-09-wos-3mp	-	All	All	All
Operating System	Neutron	Ntl-pt-09-wos-3mp Firmware	All	All	All	All
Hardware	Neutron	Ntl-pt-10-4gwos-3mp	-	All	All	All
Operating System	Neutron	Ntl-pt-10-4gwos-3mp Firmware	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Neutron	IP Camera	affected b1130.1.0.1 custom	Not specified

References

Reference	Source	Link	Tags
www.usom.gov.tr/bildirim/tr-23-0658	af854a3a-2127-422b-91ae-364da2661108	www.usom.gov.tr	Third Party Advisory
siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0658	https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0658	siberguvenlik.gov.tr	government-resource
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

CNA: Cemil Sefa OZCAN (en)

CNA: Omer YILMAZ (en)

CNA: Efe OZEL (en)

CNA: fordefence.com (en)

There are currently no legacy QID mappings associated with this CVE.