VelotiSmart WiFi B-380 Camera - Directory Traversal

EDB-ID:

45030

CVE:

2018-14064

EDB Verified:

Author:

Miguel Mendez Z

Type:

webapps

Exploit:   /  

Platform:

Hardware

Date:

2018-07-16

Vulnerable App: 
Title: Vulnerability in VelotiSmart Wifi - Directory Traversal
Date: 12-07-2018
Scope: Directory Traversal
Platforms: Unix
Author: Miguel Mendez Z
Vendor: VelotiSmart
Version: B380
CVE: CVE-2018–14064


Vulnerability description
-------------------------
- The vulnerability that affects the device is LFI type in the uc-http service 1.0.0. What allows to obtain information of configurations, wireless scanned networks, sensitive directories, etc. Of the device.

Vulnerable variable:
http://domain:80/../../etc/passwd

Exploit link:
https://github.com/s1kr10s/ExploitVelotiSmart

Poc:
https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac
Tags: Traversal
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services