CVE-2018-14064
published 2018-07-15CVE-2018-14064: The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80.
PriorityP269critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
37.57%
98.3th percentile
The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| velotismart_project | velotismart_wifi_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
yara↗
regex: root:[x*]:0:0
- →Send an unauthenticated HTTP GET request with path traversal sequence /../../etc/passwd to port 80 on the target device; a successful exploit returns HTTP 200 with passwd file content matching root:[x*]:0:0 ↗
- →The vulnerable service is uc-http version 1.0.0 running on VelotiSmart WiFi B-380 camera devices; look for this service banner on TCP port 80 as an indicator of a potentially exploitable host ↗
- →The vulnerability is LFI-type and can expose configuration files, wireless scanned networks, and sensitive directories beyond /etc/passwd ↗
- ·The directory traversal payload targets the uc-http service 1.0.0 specifically on VelotiSmart WiFi B-380 firmware; the exploit is unauthenticated and requires no prior access (CVSS PR:N, UI:N) ↗
- ·CPE scope is limited to velotismart_project:velotismart_wifi_firmware:b-380; detections should be scoped to this specific device/firmware to avoid false positives ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
VelotiSmart WiFi B-380 Camera - Directory Traversal
exploitdb·2018-07-16
CVE-2018-14064 VelotiSmart WiFi B-380 Camera - Directory Traversal
VelotiSmart WiFi B-380 Camera - Directory Traversal
---
Title: Vulnerability in VelotiSmart Wifi - Directory Traversal
Date: 12-07-2018
Scope: Directory Traversal
Platforms: Unix
Author: Miguel Mendez Z
Vendor: VelotiSmart
Version: B380
CVE: CVE-2018–14064
Vulnerability description
- The vulnerability that affects the device is LFI type in the uc-http service 1.0.0. What allows to obtain information of configurations, wireless scanned networks, sensitive directories, etc. Of the device.
Vulnerable variable:
http://domain:80/../../etc/passwd
Exploit link:
https://github.com/s1kr10s/ExploitVelotiSmart
Poc:
https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac
Nuclei
VelotiSmart Wifi - Directory Traversal
nuclei·CVSS 9.8
CVE-2018-14064 [CRITICAL] VelotiSmart Wifi - Directory Traversal
VelotiSmart Wifi - Directory Traversal
VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80.
Template:
id: CVE-2018-14064
info:
name: VelotiSmart Wifi - Directory Traversal
author: 0x_Akoko
severity: critical
description: VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80.
impact: |
Unauthenticated attackers can read arbitrary files on the VelotiSmart WiFi B-380 camera device through directory traversal, potentially exposing sensitive configuration files, stored credentials, and system information.
remediation: |
Apply the latest security patches or updates provided by the vendor to fix the director
No writeups or analysis indexed.
2018-07-15
Published