CVE-2018-9010

Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password.

Published: 2018-03-25 18:29
Updated: 2018-04-20 14:19

CVSS Score: 5.0 / 10
| Vendor | Product | Version | URI |
|---|---|---|---|
| Intelbras | Telefone Ip Firmware | 60.0.75.29 | cpe:/o:intelbras:telefone_ip_firmware:60.0.75.29 |

CWE

| ID | Name | Description | Links |
|---|---|---|---|
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. | CVE |

Reference

History of changes

| Date | Event |
|---|---|
| 2018-04-20 14:19 | |
| 2018-03-25 18:29 | New CVE |