ID
VAR-201112-0306
CVE
CVE-2011-4716
TITLE
DreamBox DM800 Vulnerable to directory traversal
Trust: 0.8
DESCRIPTION
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter. DreamBox DM800 is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. DreamBox DM800 versions 1.5rc1 and prior are vulnerable. Dreambox is a Linux-based digital TV set-top box produced by Dream Multimedia in Germany
Trust: 1.98
AFFECTED PRODUCTS
| vendor: | dream multimedia tv | model: | dreambox dm800 hd pvr | scope: | eq | version: | 1.6 | Trust: 1.6 |
| vendor: | dream multimedia tv | model: | dreambox dm800 hd pvr | scope: | eq | version: | 1.5 | Trust: 1.6 |
| vendor: | dream multimedia tv | model: | dreambox dm800 hd se | scope: | eq | version: | 1.5 | Trust: 1.6 |
| vendor: | dream multimedia tv | model: | dreambox dm800 hd se | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dream multimedia tv | model: | dreambox dm800 hd pvr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dream multimedia tv | model: | dreambox dm800 hd se | scope: | lte | version: | 1.6 | Trust: 1.0 |
| vendor: | dream property | model: | dm800 hd pvr | scope: | - | version: | - | Trust: 0.8 |
| vendor: | dream property | model: | dm800 hd pvr | scope: | eq | version: | 1.5rc1 | Trust: 0.8 |
| vendor: | dream property | model: | dm800 hd pvr | scope: | eq | version: | 1.6rc3 | Trust: 0.8 |
| vendor: | dream property | model: | dm800 hd se | scope: | - | version: | - | Trust: 0.8 |
| vendor: | dream property | model: | dm800 hd se | scope: | eq | version: | 1.5rc1 | Trust: 0.8 |
| vendor: | dream property | model: | dm800 hd se | scope: | eq | version: | 1.6rc3 | Trust: 0.8 |
| vendor: | dream multimedia tv | model: | dreambox dm800 hd se | scope: | eq | version: | 1.6 | Trust: 0.6 |
| vendor: | dream | model: | multimedia dreambox dm800 | scope: | - | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-22 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 1.2
TYPE
path traversal
Trust: 0.6
CONFIGURATIONS
EXPLOIT AVAILABILITY
PATCH
| title: | Top Page | url: | http://www.dream-multimedia-tv.de/ | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2011-4716 | Trust: 2.8 |
| db: | BID | id: | 50520 | Trust: 2.0 |
| db: | EXPLOIT-DB | id: | 18079 | Trust: 1.7 |
| db: | JVNDB | id: | JVNDB-2011-003334 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201112-131 | Trust: 0.7 |
| db: | CNNVD | id: | CNNVD-201111-167 | Trust: 0.6 |
| db: | SEEBUG | id: | SSVID-71796 | Trust: 0.1 |
| db: | SEEBUG | id: | SSVID-72301 | Trust: 0.1 |
| db: | EXPLOIT-DB | id: | 17422 | Trust: 0.1 |
| db: | EXPLOIT-DB | id: | 36286 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-52661 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/50520 | Trust: 1.7 |
| url: | http://www.exploit-db.com/exploits/18079 | Trust: 1.7 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4716 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4716 | Trust: 0.8 |
| url: | http://www.dream-multimedia-tv.de | Trust: 0.3 |
CREDITS
Todor Donev
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-52661 |
| db: | BID | id: | 50520 |
| db: | JVNDB | id: | JVNDB-2011-003334 |
| db: | CNNVD | id: | CNNVD-201111-167 |
| db: | CNNVD | id: | CNNVD-201112-131 |
| db: | NVD | id: | CVE-2011-4716 |
LAST UPDATE DATE
2024-08-14T14:58:24.492000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-52661 | date: | 2013-08-22T00:00:00 |
| db: | BID | id: | 50520 | date: | 2011-12-13T18:28:00 |
| db: | JVNDB | id: | JVNDB-2011-003334 | date: | 2011-12-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201111-167 | date: | 2011-11-08T00:00:00 |
| db: | CNNVD | id: | CNNVD-201112-131 | date: | 2012-01-06T00:00:00 |
| db: | NVD | id: | CVE-2011-4716 | date: | 2013-08-22T06:36:47.970 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-52661 | date: | 2011-12-08T00:00:00 |
| db: | BID | id: | 50520 | date: | 2011-11-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2011-003334 | date: | 2011-12-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201111-167 | date: | 1900-01-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-201112-131 | date: | 2011-12-09T00:00:00 |
| db: | NVD | id: | CVE-2011-4716 | date: | 2011-12-08T19:55:08.233 |