File Disclosure Vulnerability in VIVOTEK Network Cameras
CVE-2017-9829

7.5 HIGH

Key Information:

Vendor: Vivotek
CVE Published: 23 June 2017

What is CVE-2017-9829?

The web service at '/cgi-bin/admin/downloadMedias.cgi' on various VIVOTEK Network Cameras contains a critical directory traversal vulnerability. Remote attackers can send crafted HTTP requests containing directory traversal sequences ('..'), potentially gaining access to any file within the camera's Linux filesystem. The vulnerability has been confirmed on specific models such as the IB8369, FD8164, and FD816BA, and other models using similar firmware are highly likely to be affected as well, exposing sensitive data and compromising device integrity.
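
A defender-side check for the request pattern described above, added here as an example and not taken from VIVOTEK or the CVE record: it scans web access logs for requests to the endpoint whose URL, after repeated percent-decoding, contains a '..' path segment. The combined log format, the parameter name "x" and every sample line are constructed assumptions.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/cgi-bin/admin/downloadMedias.cgi"  # path named in the CVE description

# Constructed sample lines (combined log format is an assumption); the
# parameter name "x" and all values are placeholders, not the real interface.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jun/2017:10:00:01 +0000] "GET /cgi-bin/admin/downloadMedias.cgi?x=clip01 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Jun/2017:10:02:13 +0000] "GET /cgi-bin/admin/downloadMedias.cgi?x=../../placeholder HTTP/1.1" 200 812',
    '198.51.100.7 - - [23/Jun/2017:10:02:15 +0000] "GET /cgi-bin/admin/downloadMedias.cgi?x=%2e%2e%2fplaceholder HTTP/1.1" 200 812',
    '203.0.113.5 - - [23/Jun/2017:10:05:40 +0000] "GET /cgi-bin/admin/downloadMedias.cgi?x=%252e%252e%252fplaceholder HTTP/1.1" 404 0',
    '192.0.2.10 - - [23/Jun/2017:10:06:02 +0000] "GET /index.html?x=../placeholder HTTP/1.1" 200 300',
]

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# ".." as a whole path segment: after a separator and before "/", "&" or end
TRAVERSAL = re.compile(r'(?:^|[/?=&])\.\.(?:[/&]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dots and slashes surface."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_requests(lines):
    """Return (source, status, raw_target) for endpoint requests carrying '..'."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        source, target, status = m.groups()
        decoded = fully_decode(target).replace("\\", "/")
        _, found, rest = decoded.partition(ENDPOINT)
        if found and TRAVERSAL.search(rest):
            hits.append((source, int(status), target))
    return hits

if __name__ == "__main__":
    for source, status, target in find_traversal_requests(SAMPLE_LOG):
        print(f"{source} status={status} {target}")
```

A hit with a 200 status deserves priority in triage, since it suggests the camera returned content for the request.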

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
