EverFocus Multiple Devices Directory Traversal Network Vulnerability

Summary

Multiple EverFocus devices allowing unauthenticated remote users to retrieve arbitrary system files that are located outside of the web root through a directory traversal on port 80.

Solution

Firmware update is available from EverFocus technical support.

References

http://packetstormsecurity.com/files/120827/DDIVRT-2013-50.txt
http://www.everfocus.com/firmware_upgrade.cfm

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

Related Vulnerabilities

Alchemy Eye HTTP Command Execution
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
AdPeeps 'index.php' Multiple Vulnerabilities.

Take action and discover your vulnerabilities