VelotiSmart WiFi B-380 Camera - Directory Traversal

EDB-ID: 45030
Author: Miguel Mendez Z
Published: 2018-07-16
CVE: CVE-2018-14064
Type: Webapps
Platform: Hardware
Aliases: N/A
Advisory/Source: N/A
Tags: Traversal
Vulnerable App: N/A

Date: 12-07-2018
Scope: Directory Traversal
Platforms: Unix
Author: Miguel Mendez Z
Vendor: VelotiSmart
Version: B380
CVE: CVE-2018-14064


Vulnerability description
-------------------------
- The device is affected by an LFI-type vulnerability in the uc-http service 1.0.0. It allows an attacker to obtain information from the device, such as configurations, scanned wireless networks, sensitive directories, etc.

Vulnerable variable:
http://domain:80/../../etc/passwd

Exploit link:
https://github.com/s1kr10s/ExploitVelotiSmart

PoC:
https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac
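Mitigation example:
The request shown under "Vulnerable variable" works because `..` segments in the URL path climb above the web root. The check below is an added example, not code from this advisory, the vendor or the linked repository: a lexical containment test that an embedded HTTP server could run before opening any file. The function name `request_path_rejected`, the 256-byte path limit and the sample paths are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Hypothetical helper: returns 1 if the request path must be rejected, 0 if it
 * stays inside the web root. Purely lexical, so it runs before any file access. */
int request_path_rejected(const char *raw) {
    char buf[256];
    size_t n = 0;
    int depth = 0;
    /* Percent-decode once (query string excluded) so "%2e%2e" is seen as "..". */
    for (const char *p = raw; *p && *p != '?'; p++) {
        int c = (unsigned char)*p;
        if (c == '%') {
            int hi = hex_val((unsigned char)p[1]);
            int lo = hi < 0 ? -1 : hex_val((unsigned char)p[2]);
            if (lo < 0 || (c = hi * 16 + lo) == 0) return 1; /* bad escape or NUL */
            p += 2;
        }
        if (n + 1 >= sizeof buf) return 1;                   /* over-long path */
        buf[n++] = (char)c;
    }
    buf[n] = '\0';
    if (buf[0] != '/') return 1;                             /* must be absolute */
    /* Walk the segments; ".." may never climb above the root (depth 0). */
    for (const char *seg = buf; *seg; ) {
        size_t len = strcspn(seg, "/");
        if (len == 2 && seg[0] == '.' && seg[1] == '.') {
            if (--depth < 0) return 1;
        } else if (len > 0 && !(len == 1 && seg[0] == '.')) {
            depth++;
        }
        seg += len + (seg[len] == '/');                      /* skip the separator */
    }
    return 0;
}

int main(void) {
    /* Constructed sample request paths, not captured traffic. */
    const char *s[] = { "/index.html", "/../../etc/passwd", "/%2e%2e/%2e%2e/etc/passwd" };
    for (size_t i = 0; i < 3; i++)
        printf("%-28s -> %s\n", s[i], request_path_rejected(s[i]) ? "reject" : "serve");
    return 0;
}
```

The decoded path is the one that should then be joined to the web root, so that the string that was checked is the string that is opened.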
