Path Traversal Vulnerability in Cisco Linksys Wireless Video Camera
CVE-2009-1559

Currently unrated

Key Information:

Vendor: Cisco
Status: Wvc54gca
Vendor: CVE Published:; 6 May 2009

Summary

An absolute path traversal vulnerability exists in the adm/file.cgi component of the Cisco Linksys WVC54GCA wireless video camera. This flaw allows remote attackers to access arbitrary files on the server by exploiting the 'this_file' parameter with an absolute pathname. Attackers may use traversal techniques, likely utilizing '..' sequences, to navigate through the filesystem and gain unauthorized access to sensitive data stored on the device.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/50231

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/34713

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2009/1173

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
May 6, 2009
Vulnerability Reserved
May 6, 2009