← Back

CVE-2013-6023

nvd nist
Published: Nov 2, 2013Modified: Apr 29, 2026

JSON object

Loading...
7.8
Vector
AV:N/AC:L/Au:N/C:C/I:N/A:N
Exploitability: 10.0 / Impact: 6.9
Source: NVD

Description

Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI.

Affected (18)

Products: Tvt: Dvr, Dvr Firmware
Tvt
2 products
Dvr
Dvr Firmware
Configuration A
18 vulnerable
Vulnerable SoftwareAffected Versions
Dvr
Version td-2308ss-b
Tvt
Dvr Firmware
Up to 3.2.0.p-3520a-03
Dvr Firmware
Version 3.1.43.b
Dvr Firmware
Version 3.1.43.p
Dvr Firmware
Version 3.1.6.p-1.0.2.1-03
Dvr Firmware
Version 3.1.7.b-1.0.2.1-00
Dvr Firmware
Version 3.1.75.b-1.0.2.1-00
Dvr Firmware
Version 3.1.81.b-1.0.2.1-00
Dvr Firmware
Version 3.1.83.b-1.0.2.1-00
Dvr Firmware
Version 3.1.83.p-1.0.4.2-03
Dvr Firmware
Version 3.1.87.p-1.0.4.2-17
Dvr Firmware
Version 3.1.91.p-1.0.2.1-03
Dvr Firmware
Version 3.1.92.p-1.0.2.1-00
Dvr Firmware
Version 3.1.93.b-1.0.2.1-17
Dvr Firmware
Version 3.2.0.b-1.0.2.1-17
Dvr Firmware
Version 3.2.0.p-1.0.2.1-03
Dvr Firmware
Version 3.2.0.p-1.0.2.1-17
Dvr Firmware
Version 3.2.0.p-1.0.6.0.32-00

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (8)

Source: cret@cert.org
Source: cret@cert.org
Exploit
Source: cret@cert.org
US Government Resource
Source: cret@cert.org
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.