CVE-2013-6023
CVSS V2 High 7.8
CVSS V3 None
Description
Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI.
Overview
- CVE ID
- CVE-2013-6023
- Assigner
- cret@cert.org
- Vulnerability Status
- Analyzed
- Published Version
- 2013-11-02T21:55:02
- Last Modified Date
- 2016-03-31T17:31:42
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:h:tvt:dvr:td-2308ss-b:-:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.0.p-3520a-03 | |
| cpe:2.3:o:tvt:dvr_firmware:3.1.6.p-1.0.2.1-03:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:3.1.7.b-1.0.2.1-00:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:3.1.43.b:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:3.1.43.p:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:3.1.75.b-1.0.2.1-00:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:3.1.81.b-1.0.2.1-00:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:3.1.83.b-1.0.2.1-00:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:3.1.83.p-1.0.4.2-03:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:3.1.87.p-1.0.4.2-17:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:3.1.91.p-1.0.2.1-03:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:3.1.92.p-1.0.2.1-00:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:3.1.93.b-1.0.2.1-17:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:3.2.0.b-1.0.2.1-17:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:3.2.0.p-1.0.2.1-03:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:3.2.0.p-1.0.2.1-17:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:tvt:dvr_firmware:3.2.0.p-1.0.6.0.32-00:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:C/I:N/A:N
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 7.8
- Severity
- HIGH
- Exploitability Score
- 10
- Impact Score
- 6.9
References
| Reference URL | Reference Tags |
|---|---|
| http://alguienenlafisi.blogspot.com/2013/10/dvr-tvt-directory-traversal.html | |
| http://www.kb.cert.org/vuls/id/785838 | US Government Resource |
| http://www.securityfocus.com/bid/63360 | Exploit |
| http://www.exploit-db.com/exploits/29959 | Exploit |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2013-6023 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6023 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 10:17:30 | Added to TrackCVE | |||
| 2022-12-01 20:35:20 | cert@cert.org | cret@cert.org | CVE Assigner | updated |
| 2022-12-01 20:35:20 | 2013-11-02T21:55Z | 2013-11-02T21:55:02 | CVE Published Date | updated |
| 2022-12-01 20:35:20 | 2016-03-31T17:31:42 | CVE Modified Date | updated | |
| 2022-12-01 20:35:20 | Analyzed | Vulnerability Status | updated |