Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intellinet-network | nfc-30ir_firmware | lm.1.6.16.05 |
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intellinet-network | nfc-30ir_firmware | lm.1.6.16.05 |