CVE-2019-20085
published 2019-12-30

CVE-2019-20085: TVT NVMS-1000 devices allow GET /.. Directory Traversal

Priority P189 high
CVSS 3.1: 7.5 (AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N)
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2022-05-03
Exploited in the wild
EPSS: 96.07% (99.9th percentile)

Detection & IOCs (extracted from sources)

url: /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2Fwin.ini
path: ../../../../../../../../../../../../../
path: windows/win.ini
command: GET /..
  • Detect directory traversal attempts by matching URL-encoded traversal sequences in GET requests targeting NVMS-1000 devices (port 80). Look for patterns like '..%2F' repeated in the request path.
  • Also detect unencoded traversal sequences in GET requests: repeated '../' segments (13 levels deep) followed by a target filename path.
  • The vulnerability is unauthenticated and requires no prior access. The exploit targets NVMS-1000 version 3.4.1 specifically, but version information may not always be available for scoping detections.
  • This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active in-the-wild exploitation. Prioritize detection and patching accordingly.
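
The two request-path patterns above can be checked with a single normalising pass over web or proxy logs. The following is an added example, not taken from the sources this page extracts from. It assumes combined-format access log lines, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def traversal_depth(target, max_rounds=3):
    """Count '..' path segments after normalising percent-encoding and slashes."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):          # bounded, so nested encoding is normalised too
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return sum(1 for seg in path.replace("\\", "/").split("/") if seg == "..")


def scan(lines, min_depth=1):
    """Return (client, depth, raw_target) for each GET request with traversal segments."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m or m.group("method") != "GET":
            continue
        depth = traversal_depth(m.group("target"))
        if depth >= min_depth:
            hits.append((line.split(" ", 1)[0], depth, m.group("target")))
    return hits


# Constructed log lines (documentation IP ranges), built from the patterns listed above.
ENCODED = "/" + "..%2F" * 12 + "windows%2Fwin.ini"
PLAIN = "/" + "../" * 13 + "windows/win.ini"
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    f'198.51.100.7 - - [01/Jan/2020:10:00:05 +0000] "GET {ENCODED} HTTP/1.1" 200 92',
    f'198.51.100.7 - - [01/Jan/2020:10:00:09 +0000] "GET {PLAIN} HTTP/1.1" 200 92',
    '192.0.2.10 - - [01/Jan/2020:10:01:00 +0000] "GET /img/report..final.png HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, depth, target in scan(SAMPLE_LOG):
        print(f"ALERT client={client} depth={depth} target={target}")
```

Counting whole `..` segments after decoding catches both the encoded and unencoded forms while leaving file names that merely contain two dots unflagged; raise `min_depth` to reduce noise from shallow relative links.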

CVSS provenance

nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck · 7.5 HIGH
cisa · 7.5 HIGH