VAR-200607-0487
Vulnerability from variot - Updated: 2024-02-14 22:47Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to bypass access restrictions for (1) admin/aindex.asp or (2) admin/aindex.html via a .. (dot dot) and encoded / (%2f) sequence in the URL. FlexWatch is prone to an authorization-bypass vulnerability. This issue is due to a failure in the application to properly verify user-supplied input. An attacker can exploit this issue to bypass the authorization mechanism. This allows the attacker to gain unauthorized access to the surveillance system. Versions 3.0 and prior are affected.
Hardcore Disassembler / Reverse Engineer
Reversing must be a passion as your skills will be challenged on a daily basis and you will be working several hours everyday in IDA, Ollydbg, and with BinDiff. Often, it is also required that you write a PoC or even a working exploit to prove that an issue is exploitable.
1) Input passed via the URL isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
SOLUTION: Filter malicious characters and character sequences in a proxy server or firewall with URL filtering capabilities.
PROVIDED AND/OR DISCOVERED BY: Jaime Blasco
ORIGINAL ADVISORY: Digital Armaments: http://www.digitalarmaments.com/2006300687985463.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200607-0487",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flexwatch network camera",
"scope": "lte",
"trust": 1.8,
"vendor": "seyeon",
"version": "3.0"
},
{
"model": "flexwatch network camera",
"scope": "eq",
"trust": 0.9,
"vendor": "seyeon",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "18948"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002762"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-244"
},
{
"db": "NVD",
"id": "CVE-2006-3604"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:seyeon:flexwatch_network_camera:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3604"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jaime Blasco is credited with the discovery of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "18948"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-244"
}
],
"trust": 0.9
},
"cve": "CVE-2006-3604",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-3604",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-19712",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-3604",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200607-244",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-19712",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19712"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002762"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-244"
},
{
"db": "NVD",
"id": "CVE-2006-3604"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to bypass access restrictions for (1) admin/aindex.asp or (2) admin/aindex.html via a .. (dot dot) and encoded / (%2f) sequence in the URL. FlexWatch is prone to an authorization-bypass vulnerability. This issue is due to a failure in the application to properly verify user-supplied input. \nAn attacker can exploit this issue to bypass the authorization mechanism. This allows the attacker to gain unauthorized access to the surveillance system. \nVersions 3.0 and prior are affected. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer\n\nReversing must be a passion as your skills will be challenged\non a daily basis and you will be working several hours\neveryday in IDA, Ollydbg, and with BinDiff. Often, it is also\nrequired that you write a PoC or even a working exploit to\nprove that an issue is exploitable. \n\n1) Input passed via the URL isn\u0027t properly sanitised before being\nreturned to the user. This can be exploited to execute arbitrary HTML\nand script code in a user\u0027s browser session in context of an affected\nsite. \n\nSOLUTION:\nFilter malicious characters and character sequences in a proxy server\nor firewall with URL filtering capabilities. \n\nPROVIDED AND/OR DISCOVERED BY:\nJaime Blasco\n\nORIGINAL ADVISORY:\nDigital Armaments:\nhttp://www.digitalarmaments.com/2006300687985463.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3604"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002762"
},
{
"db": "BID",
"id": "18948"
},
{
"db": "VULHUB",
"id": "VHN-19712"
},
{
"db": "PACKETSTORM",
"id": "48144"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-19712",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19712"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-3604",
"trust": 2.5
},
{
"db": "BID",
"id": "18948",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "20994",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002762",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200607-244",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20061103 RE: DIGITAL ARMAMENTS SECURITY ADVISORY 10.07.2006: FLEXWATH AUTHORIZATION BYPASSING AND XSS VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060721 RE: DIGITAL ARMAMENTS SECURITY ADVISORY 10.07.2006: FLEXWATH AUTHORIZATION BYPASSING AND XSS VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060710 DIGITAL ARMAMENTS SECURITY ADVISORY 10.07.2006: FLEXWATH AUTHORIZATION BYPASSING AND XSS VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "27656",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-81785",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "28208",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-19712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "48144",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19712"
},
{
"db": "BID",
"id": "18948"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002762"
},
{
"db": "PACKETSTORM",
"id": "48144"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-244"
},
{
"db": "NVD",
"id": "CVE-2006-3604"
}
]
},
"id": "VAR-200607-0487",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-19712"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-14T22:47:51.440000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3604"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.digitalarmaments.com/2006300687985463.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/18948"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/20994"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/439648/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/440893/100/100/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/450478/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27656"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3604"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3604"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/27656"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/439648/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/450478/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/440893/100/100/threaded"
},
{
"trust": 0.3,
"url": "http://www.flexwatch.com/"
},
{
"trust": 0.3,
"url": "/archive/1/439648"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/10980/"
},
{
"trust": 0.1,
"url": "http://[host]/[code]"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/20994/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19712"
},
{
"db": "BID",
"id": "18948"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002762"
},
{
"db": "PACKETSTORM",
"id": "48144"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-244"
},
{
"db": "NVD",
"id": "CVE-2006-3604"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-19712"
},
{
"db": "BID",
"id": "18948"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002762"
},
{
"db": "PACKETSTORM",
"id": "48144"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-244"
},
{
"db": "NVD",
"id": "CVE-2006-3604"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-07-18T00:00:00",
"db": "VULHUB",
"id": "VHN-19712"
},
{
"date": "2006-07-12T00:00:00",
"db": "BID",
"id": "18948"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002762"
},
{
"date": "2006-07-12T07:20:23",
"db": "PACKETSTORM",
"id": "48144"
},
{
"date": "2006-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-244"
},
{
"date": "2006-07-18T15:37:00",
"db": "NVD",
"id": "CVE-2006-3604"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-19712"
},
{
"date": "2006-07-13T21:33:00",
"db": "BID",
"id": "18948"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002762"
},
{
"date": "2006-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-244"
},
{
"date": "2024-02-14T01:17:43.863000",
"db": "NVD",
"id": "CVE-2006-3604"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-244"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FlexWATCH Network Camera Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002762"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-244"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…