Foscam Prior to 11.37.2.49 Directory Traversal Vulnerability
BID:58290
Info
| Bugtraq ID: | 58290 |
| Class: | Design Error |
| CVE: | CVE-2013-2560 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 01 2013 12:00AM |
| Updated: | Oct 16 2013 01:04AM |
| Credit: | Frederic Basse |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Foscam is prone to a directory-traversal vulnerability.
Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. This may aid in further attacks.
Exploit / POC
An attacker can use readily available tools to exploit this issue.
The following example is available:
GET //../proc/kcore HTTP/1.0
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
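For defenders reviewing proxy or web logs in front of unpatched cameras, the following added example (not part of the original advisory or any vendor code) flags request lines whose path climbs above the document root, using the request shown above as one input. The function names and the other sample lines are constructed for illustration, and the check goes slightly beyond the advisory by percent-decoding the path before walking its segments.

```python
from urllib.parse import unquote


def escapes_root(target: str) -> bool:
    """Return True if the request target ascends above the document root."""
    # Drop the query string by hand: urllib's urlsplit() would read the
    # leading '//..' as a network location and hide the traversal.
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue  # empty segments ('//') and '.' do not change depth
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True  # stepped out of the document root
        else:
            depth += 1
    return False


def scan(request_lines):
    """Return the HTTP request lines whose target escapes the root."""
    hits = []
    for line in request_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # not a METHOD TARGET VERSION request line
        if escapes_root(parts[1]):
            hits.append(line)
    return hits


# Sample input: the second line is the request from the advisory,
# the other two are constructed benign requests.
SAMPLE = [
    "GET /index.htm HTTP/1.0",
    "GET //../proc/kcore HTTP/1.0",
    "GET /images/../index.htm HTTP/1.0",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("traversal:", hit)
```

A '..' that stays inside the root, as in the third sample line, is not flagged; only requests that would resolve outside it are.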
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References: