cbcvebase.
CVE-2018-14064
published 2018-07-15

CVE-2018-14064: The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80.

Priority: P269, critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 37.57% (98.3th percentile)

Affected

1 ranges
Vendor | Product | Version range | Fixed in
velotismart_project | velotismart_wifi_firmware | |

Detection & IOCs (extracted from sources)

url: /../../etc/passwd
url: http://domain:80/../../etc/passwd
path: /../../etc/passwd
yara regex: root:[x*]:0:0
  • Send an unauthenticated HTTP GET request with path traversal sequence /../../etc/passwd to port 80 on the target device; a successful exploit returns HTTP 200 with passwd file content matching root:[x*]:0:0
  • The vulnerable service is uc-http version 1.0.0 running on VelotiSmart WiFi B-380 camera devices; look for this service banner on TCP port 80 as an indicator of a potentially exploitable host
  • The vulnerability is LFI-type and can expose configuration files, wireless scanned networks, and sensitive directories beyond /etc/passwd
  • The directory traversal payload targets the uc-http service 1.0.0 specifically on VelotiSmart WiFi B-380 firmware; the exploit is unauthenticated and requires no prior access (CVSS PR:N, UI:N)
  • CPE scope is limited to velotismart_project:velotismart_wifi_firmware:b-380; detections should be scoped to this specific device/firmware to avoid false positives

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N