header-logo
Suggest Exploit
vendor:
DiViS DVR System web-server
by:
Digital Security Research Group [DSecRG]
7.5
CVSS
HIGH
Directory Traversal File Download
22
CWE
Product Name: DiViS DVR System web-server
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE: N/A
CPE: a:chance-i:divis_dvr_system_web-server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-036

DiViS DVR System web-server which fingerprints as Techno Vision Security System has Directory Traversal vulnerability. Successfully exploiting these issues allows remote attackers to access the contents of arbitrary files.

Mitigation:

No patches aviable.
Source

Exploit-DB raw data:

Digital Security Research Group [DSecRG] Advisory       #DSECRG-09-036

original advisory: http://dsecrg.com/pages/vul/DSECRG-09-036.html

Application:                Chance-i DiViS DVR System web-server
Versions Affected:          2.0
Vendor URL:                 http://www.chance-i.com/
Bug:                        Directory Traversal File Download
Exploits:                   YES
Reported:                   13.03.2009
Second Reported:            20.03.2009
Solution:                   NONE
Date of Public Advisory:    09.04.2009
Author:                     Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)



Description
***********

DiViS DVR System web-server which fingerprints as Techno Vision Security System has Directory Traversal vulnerability.



Details
*******

Directory traversal vulnerability find in DiViS DVR System web-server.

Successfully exploiting these issues allows remote attackers to access the contents of arbitrary files.

Example:

http://[server]/../../../../../../../boot.ini



Solution:
*********

We did not get any response from vendor for more than 2 weeks.

No patches aviable.



About
*****

Digital Security is leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards.
Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.


Contact:    research [at] dsecrg [dot] com
            http://www.dsecrg.com
            http://www.dsec.ru

# milw0rm.com [2009-04-10]

Navigation

Suggest Exploit

Services By CQR