描述
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication.
AI分析AI驱动
受影响产品
androvideovd_1_firmware
androvideovd_1
-
geovisiongv-vr360_firmware
geovisiongv-vr360
-
geovisiongv-vd8700_firmware
geovisiongv-vd8700
-
参考资料
- http://surl.twcert.org.tw/2bvXqThird Party Advisory
- https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-mdExploitThird Party Advisory
- https://tvn.twcert.org.tw/taiwanvn/TVN-201906009Third Party Advisory
- http://surl.twcert.org.tw/2bvXqThird Party Advisory
- https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-mdExploitThird Party Advisory
- https://tvn.twcert.org.tw/taiwanvn/TVN-201906009Third Party Advisory