header-logo
Suggest Exploit
vendor:
DreamBox DM800
by:
Anonymous
7.5
CVSS
HIGH
Local File Disclosure
22
CWE
Product Name: DreamBox DM800
Affected Version From: 1.5rc1
Affected Version To: 1.5rc1
Patch Exists: YES
Related CWE: CVE-2012-1234
CPE: a:dream-multimedia-tv:dreambox_dm800_firmware:1.5rc1
Metasploit:
Other Scripts:
Platforms Tested:
2012

DreamBox DM800 Local File Disclosure Vulnerability

DreamBox DM800 is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to update to the latest version of the software.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/50520/info

DreamBox DM800 is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.

Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.

DreamBox DM800 versions 1.5rc1 and prior are vulnerable. 

http://www.example.com/file/?file=[LFD]

Navigation

Suggest Exploit

Services By CQR

cqrsecured