List: full-disclosure
Subject: [Full-disclosure] DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal
From: ddivulnalert <ddivulnalert () ddifrontline ! com>
Date: 2012-04-26 17:44:36
Message-ID: 89976E02-614C-4C59-ACEA-71306A6C9F9B () ddifrontline ! com
Title
-----
DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal
Severity
--------
High
Date Discovered
---------------
March 8, 2012
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: shmoov and r@b13$
Vulnerability Description
-------------------------
The ACTi Web Configurator 3.0 for ACTi IP Surveillance Cameras contains a directory traversal
vulnerability within the cgi-bin directory. An unauthenticated remote attacker can use this
vulnerability to retrieve arbitrary files that are located outside the root of the web server.
Solution Description
--------------------
Production of the cameras employing this version of the ACTi Web Configurator has been
discontinued. However, a firmware upgrade that addresses the issue is available for download
from the ACTi support team. Please contact the ACTi support team to retrieve the firmware
upgrade and instructions on how to apply the changes.
Tested Systems / Software
-------------------------
ACTi Web Configurator 3.0 - camera version unknown
Vendor Contact
--------------
Vendor Name: ACTi Corporation | http://www.acti.com/corporate/Brief.asp
Vendor Website: http://www.acti.com/home/index.asp
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
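
For cameras that cannot be upgraded right away, the following added example (not part of the advisory and not ACTi or Digital Defense code) flags cgi-bin requests in web or reverse-proxy access logs that resolve outside the cgi-bin directory, including percent-encoded and double-encoded forms. The advisory names no script or parameter, so `example.cgi`, the parameter names, the common-log line format and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

CGI_ROOT = "/cgi-bin"  # directory named in the advisory
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so double encoding (%252e) is exposed."""
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value.replace("\\", "/")  # treat backslashes as separators too

def traversal_reason(target):
    """Return why a request target looks like cgi-bin traversal, else None."""
    parts = urlsplit(target)
    path = fully_decode(parts.path)
    if not path.startswith(CGI_ROOT + "/"):
        return None
    resolved = posixpath.normpath(path)
    if resolved != CGI_ROOT and not resolved.startswith(CGI_ROOT + "/"):
        return "path resolves outside " + CGI_ROOT
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        climbed = posixpath.normpath(fully_decode(value).lstrip("/"))
        if climbed == ".." or climbed.startswith("../"):
            return "parameter '%s' climbs above its directory" % name
    return None

def scan(log_lines):
    """Return (line_number, reason) for each suspicious access-log line."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        reason = traversal_reason(match.group(1)) if match else None
        if reason:
            hits.append((number, reason))
    return hits

# Constructed sample lines; example.cgi and the parameter names are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Apr/2012:17:40:01 +0000] "GET /cgi-bin/example.cgi?view=status HTTP/1.1" 200 812',
    '198.51.100.7 - - [26/Apr/2012:17:41:12 +0000] "GET /cgi-bin/example.cgi?page=..%2f..%2fetc%2fhosts HTTP/1.1" 200 231',
    '198.51.100.7 - - [26/Apr/2012:17:41:15 +0000] "GET /cgi-bin/%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 200 231',
    '192.0.2.10 - - [26/Apr/2012:17:42:30 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A hit with a 200 status is worth correlating with the response size, since the advisory states the flaw is reachable without authentication.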