ID

VAR-200412-0233


CVE

CVE-2004-2507


TITLE

Linksys Web Camera Software next_file Parameter file leak vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-1217

DESCRIPTION

Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter. Linksys Web Camera software version 2.10 is reportedly prone to this issue; however, it is possible that other versions are affected as well. Linksys Web Camera has an input validation vulnerability when processing user requests. The main.cgi program of Linksys Web Camera does not sufficiently check or filter the "next_file" parameter submitted by the user. If a system file name is submitted as the parameter, the attacker can read the contents of the corresponding file.

Trust: 1.26

sources: NVD: CVE-2004-2507 // BID: 10476 // VULHUB: VHN-10935

AFFECTED PRODUCTS

vendor:linksys, model:wvc11b, scope:eq, version:2.10

Trust: 1.6

vendor:linksys, model:web camera software, scope:eq, version:2.10

Trust: 0.3

sources: BID: 10476 // CNNVD: CNNVD-200412-1217 // NVD: CVE-2004-2507

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2507
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200412-1217
value: MEDIUM

Trust: 0.6

VULHUB: VHN-10935
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-2507
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-10935
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-10935 // CNNVD: CNNVD-200412-1217 // NVD: CVE-2004-2507

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2507

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-1217

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200412-1217

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-10935

EXTERNAL IDS

db:BID, id:10476

Trust: 2.0

db:NVD, id:CVE-2004-2507

Trust: 1.7

db:OSVDB, id:7112

Trust: 1.7

db:SECTRACK, id:1010489

Trust: 1.7

db:SECUNIA, id:11811

Trust: 1.7

db:CNNVD, id:CNNVD-200412-1217

Trust: 0.7

db:XF, id:16339

Trust: 0.6

db:BUGTRAQ, id:20040606 LINKSYS WEB CAMERA FILE INCLUSION VULN

Trust: 0.6

db:NSFOCUS, id:6571

Trust: 0.6

db:SEEBUG, id:SSVID-77908

Trust: 0.1

db:EXPLOIT-DB, id:24175

Trust: 0.1

db:VULHUB, id:VHN-10935

Trust: 0.1

sources: VULHUB: VHN-10935 // BID: 10476 // CNNVD: CNNVD-200412-1217 // NVD: CVE-2004-2507

REFERENCES

url:http://www.securityfocus.com/bid/10476

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2004-06/0103.html

Trust: 1.7

url:http://www.osvdb.org/7112

Trust: 1.7

url:http://securitytracker.com/id?1010489

Trust: 1.7

url:http://secunia.com/advisories/11811/

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16339

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/16339

Trust: 0.6

url:http://www.nsfocus.net/vulndb/6571

Trust: 0.6

url:http://www.linksys.com/

Trust: 0.3

url:/archive/1/365387

Trust: 0.3

sources: VULHUB: VHN-10935 // BID: 10476 // CNNVD: CNNVD-200412-1217 // NVD: CVE-2004-2507

CREDITS

John Doe※ guldens111@hotmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200412-1217

SOURCES

db:VULHUB, id:VHN-10935
db:BID, id:10476
db:CNNVD, id:CNNVD-200412-1217
db:NVD, id:CVE-2004-2507

LAST UPDATE DATE

2024-08-14T14:08:57.620000+00:00


SOURCES UPDATE DATE

db:VULHUB, id:VHN-10935, date:2017-07-11T00:00:00
db:BID, id:10476, date:2004-06-07T00:00:00
db:CNNVD, id:CNNVD-200412-1217, date:2006-01-25T00:00:00
db:NVD, id:CVE-2004-2507, date:2017-07-11T01:31:57.703

SOURCES RELEASE DATE

db:VULHUB, id:VHN-10935, date:2004-12-31T00:00:00
db:BID, id:10476, date:2004-06-07T00:00:00
db:CNNVD, id:CNNVD-200412-1217, date:2004-06-07T00:00:00
db:NVD, id:CVE-2004-2507, date:2004-12-31T05:00:00