An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Avideo | Wwbn | 11.6 (including) | 11.6 (including) |