FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//).
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Flexwatch_network_video_server | Seyeon | 2.2 (including) | 2.2 (including) |
| Flexwatch_network_video_server | Seyeon | model_132 (including) | model_132 (including) |
References
- http://packetstormsecurity.nl/0310-exploits/FlexWATCH.txt
- http://secunia.com/advisories/10132
- http://securitytracker.com/id?1008049
- http://www.osvdb.org/2842
- http://www.securityfocus.com/bid/8942
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13567
- http://packetstormsecurity.nl/0310-exploits/FlexWATCH.txt
- http://secunia.com/advisories/10132
- http://securitytracker.com/id?1008049
- http://www.osvdb.org/2842
- http://www.securityfocus.com/bid/8942
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13567