CVE-2017-9829
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
23/06/2017
Last modified:
20/04/2025
Description
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:vivotek:network_camera_ib8369_firmware:ib8369-vvtk-0102a:*:*:*:*:*:*:* | ||
| cpe:2.3:h:vivotek:network_camera_ib8369:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vivotek:network_camera_fd8164_firmware:fd8164-_vvtk-0200b:*:*:*:*:*:*:* | ||
| cpe:2.3:h:vivotek:network_camera_fd8164:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vivotek:network_camera_fd816ba_firmware:fd816ba-vvtk-010101.:*:*:*:*:*:*:* | ||
| cpe:2.3:h:vivotek:network_camera_fd816ba:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page