CVE-2010-4231
published 2010-11-17CVE-2010-4231: Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera…
PriorityP354high7.8CVSS 2.0
AVNACLAuNCCINAN
EXPLOIT
EPSS
9.54%
94.8th percentile
Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| camtron | cmnc-200_firmware | — | — |
| tecvoz | cmnc-200_firmware | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Camtron CMNC-200 IP Camera - Directory Traversal
exploitdb·2010-11-13·CVSS 7.8
CVE-2010-4231 [HIGH] Camtron CMNC-200 IP Camera - Directory Traversal
Camtron CMNC-200 IP Camera - Directory Traversal
---
Finding 2: Directory Traversal in Camera Web Server
CVE: CVE-2010-4231
The CMNC-200 IP Camera has a built-in web server that
is enabled by default. The server is vulnerable to directory
transversal attacks, allowing access to any file on the
camera file system.
The following example will display the contents of
/etc/passwd:
GET /../../../../../../../../../../../../../etc/passwd
HTTP/1.1
Because the web server runs as root, an attacker can read
critical files like /etc/shadow from the web-based
administration interface. Authentication is not required for
exploitation.
Vendor Response:
No response received.
Remediation Steps:
No patch currently exists for this issue. To limit exposure,
network access to these devices should be limi
Nuclei
Camtron CMNC-200 IP Camera - Directory Traversal
nuclei·CVSS 7.8
CVE-2010-4231 [HIGH] Camtron CMNC-200 IP Camera - Directory Traversal
Camtron CMNC-200 IP Camera - Directory Traversal
The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.
Template:
id: CVE-2010-4231
info:
name: Camtron CMNC-200 IP Camera - Directory Traversal
author: daffainfo
severity: high
description: The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.
impact: |
An attacker can exploit this vulnerability to access sensitive files and directories on the camera.
remediation: Upgrade to a supported product version.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
- https://www.exploit-db.com/exploits/15505
- https://www.trustwave.com/spi
No writeups or analysis indexed.
http://www.exploit-db.com/exploits/15505/http://www.securityfocus.com/archive/1/514753/100/0/threadedhttps://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txthttp://www.exploit-db.com/exploits/15505/http://www.securityfocus.com/archive/1/514753/100/0/threadedhttps://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt
2010-11-17
Published