DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal
Follow us on Twitter!
Title
-----
DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal
Severity
--------
High
Date Discovered
---------------
January 22, 2013
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: r@b13$
Vulnerability Description
-------------------------
The EverFocus EPARA264-16X1 DVR allows unauthenticated remote users to retrieve arbitrary system files that are located outside of the web root through a directory traversal on port 80.
Solution Description
--------------------
EverFocus has provided a solution for this security issue in the form of a firmware upgrade. EPARA264-16X1 devices with firmware version 1.0.3 or later are not affected by the security issue. The firmware update is available from EverFocus technical support.
Tested Systems / Software
-------------------------
EverFocus EPARA264-16X1 Firmware Version 1.0.2
Vendor Contact
--------------
Vendor Name: EverFocus
Vendor Website: https://www.everfocus.com/