CVE-2013-6023

Published Nov 2, 2013

Last updated 9 years ago

CVSS info 7.8

Overview

Description: Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI.
Source: cret@cert.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:tvt:dvr:td-2308ss-b:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EBB87B3-B7FF-4D14-B4A1-8F7157B4893E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCA58536-640A-4E65-A429-B51D6F290A79",
            "versionEndIncluding": "3.2.0.p-3520a-03"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.1.6.p-1.0.2.1-03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2CE0FC6-1A91-4DFB-B816-848761396A76"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.1.7.b-1.0.2.1-00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFEFFCBC-AE00-4027-9562-0305F72CC365"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.1.43.b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32542069-F112-4E0A-8A2F-3BFC0D68EFD6"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.1.43.p:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "213B366A-07D3-4D36-A7F9-1E664B19B20F"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.1.75.b-1.0.2.1-00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D211A07D-258C-405F-9D52-E5261891971F"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.1.81.b-1.0.2.1-00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6DDC083-FA33-47CF-BAA4-E1AD9CB5670D"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.1.83.b-1.0.2.1-00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECE5730C-7F36-4A60-B543-745CDB08BA01"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.1.83.p-1.0.4.2-03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8CCDD03-0A4C-4F06-ADB8-66EFB36BC1EC"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.1.87.p-1.0.4.2-17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFB5CA33-1C63-4D24-9B1D-C89D386251E5"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.1.91.p-1.0.2.1-03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "182701D5-63AE-49D7-A228-42A69656AF9A"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.1.92.p-1.0.2.1-00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4437B55C-CD0E-41C7-8236-C035E3C65E30"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.1.93.b-1.0.2.1-17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D71B2ACA-1982-4A23-A999-BCB7247E7BF9"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.2.0.b-1.0.2.1-17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "695EADA7-8CF9-4BAA-82C2-4AE1FEDC0C20"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.2.0.p-1.0.2.1-03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17CE89E0-E9F3-466F-8939-B279233B823D"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.2.0.p-1.0.2.1-17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1244E0DB-1476-4536-A376-CE6DC2E3C6E0"
          },
          {
            "criteria": "cpe:2.3:o:tvt:dvr_firmware:3.2.0.p-1.0.6.0.32-00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57F2FBCB-9359-47A0-9CC7-F46B69F36E28"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References