Vulnerabilities > CVE-2019-13408 - Missing Authorization vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

androvideo

geovision

CWE-862

NVD

Published: 2019-08-29

Updated: 2020-10-08

Summary

A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication.

Vulnerable Configurations

Part	Description	Count
OS	Androvideo Androvideo VD 1 Firmware 230	1
OS	Geovision Geovision GV Vr360 Firmware 1.03 Geovision GV Vr360 Firmware 1.10 Geovision GV Vd8700 Firmware 1.01	3
Hardware	Androvideo Androvideo VD 1 -	1
Hardware	Geovision Geovision GV Vr360 - Geovision GV Vd8700 -	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

http://surl.twcert.org.tw/2bvXq
https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md
https://tvn.twcert.org.tw/taiwanvn/TVN-201906009