ID

VAR-201112-0306


CVE

CVE-2011-4716


TITLE

DreamBox DM800 Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2011-003334

DESCRIPTION

Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter. DreamBox DM800 is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. DreamBox DM800 versions 1.5rc1 and prior are vulnerable. Dreambox is a Linux-based digital TV set-top box produced by Dream Multimedia in Germany.

Trust: 1.98

sources: NVD: CVE-2011-4716 // JVNDB: JVNDB-2011-003334 // BID: 50520 // VULHUB: VHN-52661

AFFECTED PRODUCTS

vendor: dream multimedia tv, model: dreambox dm800 hd pvr, scope: eq, version: 1.6

Trust: 1.6

vendor: dream multimedia tv, model: dreambox dm800 hd pvr, scope: eq, version: 1.5

Trust: 1.6

vendor: dream multimedia tv, model: dreambox dm800 hd se, scope: eq, version: 1.5

Trust: 1.6

vendor: dream multimedia tv, model: dreambox dm800 hd se, scope: eq, version: -

Trust: 1.0

vendor: dream multimedia tv, model: dreambox dm800 hd pvr, scope: eq, version: -

Trust: 1.0

vendor: dream multimedia tv, model: dreambox dm800 hd se, scope: lte, version: 1.6

Trust: 1.0

vendor: dream property, model: dm800 hd pvr, scope: -, version: -

Trust: 0.8

vendor: dream property, model: dm800 hd pvr, scope: eq, version: 1.5rc1

Trust: 0.8

vendor: dream property, model: dm800 hd pvr, scope: eq, version: 1.6rc3

Trust: 0.8

vendor: dream property, model: dm800 hd se, scope: -, version: -

Trust: 0.8

vendor: dream property, model: dm800 hd se, scope: eq, version: 1.5rc1

Trust: 0.8

vendor: dream property, model: dm800 hd se, scope: eq, version: 1.6rc3

Trust: 0.8

vendor: dream multimedia tv, model: dreambox dm800 hd se, scope: eq, version: 1.6

Trust: 0.6

vendor: dream, model: multimedia dreambox dm800, scope: -, version: -

Trust: 0.3

sources: BID: 50520 // JVNDB: JVNDB-2011-003334 // CNNVD: CNNVD-201112-131 // NVD: CVE-2011-4716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4716
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4716
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201112-131
value: MEDIUM

Trust: 0.6

VULHUB: VHN-52661
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4716
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-52661
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-52661 // JVNDB: JVNDB-2011-003334 // CNNVD: CNNVD-201112-131 // NVD: CVE-2011-4716

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-52661 // JVNDB: JVNDB-2011-003334 // NVD: CVE-2011-4716

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201111-167 // CNNVD: CNNVD-201112-131

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201112-131

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003334

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-52661

PATCH

title: Top Page, url: http://www.dream-multimedia-tv.de/

Trust: 0.8

sources: JVNDB: JVNDB-2011-003334

EXTERNAL IDS

db: NVD, id: CVE-2011-4716

Trust: 2.8

db: BID, id: 50520

Trust: 2.0

db: EXPLOIT-DB, id: 18079

Trust: 1.7

db: JVNDB, id: JVNDB-2011-003334

Trust: 0.8

db: CNNVD, id: CNNVD-201112-131

Trust: 0.7

db: CNNVD, id: CNNVD-201111-167

Trust: 0.6

db: SEEBUG, id: SSVID-71796

Trust: 0.1

db: SEEBUG, id: SSVID-72301

Trust: 0.1

db: EXPLOIT-DB, id: 17422

Trust: 0.1

db: EXPLOIT-DB, id: 36286

Trust: 0.1

db: VULHUB, id: VHN-52661

Trust: 0.1

sources: VULHUB: VHN-52661 // BID: 50520 // JVNDB: JVNDB-2011-003334 // CNNVD: CNNVD-201111-167 // CNNVD: CNNVD-201112-131 // NVD: CVE-2011-4716

REFERENCES

url:http://www.securityfocus.com/bid/50520

Trust: 1.7

url:http://www.exploit-db.com/exploits/18079

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4716

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4716

Trust: 0.8

url:http://www.dream-multimedia-tv.de

Trust: 0.3

sources: VULHUB: VHN-52661 // BID: 50520 // JVNDB: JVNDB-2011-003334 // CNNVD: CNNVD-201111-167 // CNNVD: CNNVD-201112-131 // NVD: CVE-2011-4716

CREDITS

Todor Donev

Trust: 0.9

sources: BID: 50520 // CNNVD: CNNVD-201111-167

SOURCES

db: VULHUB, id: VHN-52661
db: BID, id: 50520
db: JVNDB, id: JVNDB-2011-003334
db: CNNVD, id: CNNVD-201111-167
db: CNNVD, id: CNNVD-201112-131
db: NVD, id: CVE-2011-4716

LAST UPDATE DATE

2024-08-14T14:58:24.492000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-52661, date: 2013-08-22T00:00:00
db: BID, id: 50520, date: 2011-12-13T18:28:00
db: JVNDB, id: JVNDB-2011-003334, date: 2011-12-13T00:00:00
db: CNNVD, id: CNNVD-201111-167, date: 2011-11-08T00:00:00
db: CNNVD, id: CNNVD-201112-131, date: 2012-01-06T00:00:00
db: NVD, id: CVE-2011-4716, date: 2013-08-22T06:36:47.970

SOURCES RELEASE DATE

db: VULHUB, id: VHN-52661, date: 2011-12-08T00:00:00
db: BID, id: 50520, date: 2011-11-04T00:00:00
db: JVNDB, id: JVNDB-2011-003334, date: 2011-12-13T00:00:00
db: CNNVD, id: CNNVD-201111-167, date: 1900-01-01T00:00:00
db: CNNVD, id: CNNVD-201112-131, date: 2011-12-09T00:00:00
db: NVD, id: CVE-2011-4716, date: 2011-12-08T19:55:08.233