Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-14064 PoC — VelotiSmart WiFi B-380摄像头设备uc-http service 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-14064.yaml
Associated Vulnerability
Title:VelotiSmart WiFi B-380摄像头设备uc-http service 安全漏洞 (CVE-2018-14064)
Description:VelotiSmart WiFi B-380 camera是一款网络摄像头设备。uc-http service是其中的一个HTTP服务组件。 VelotiSmart WiFi B-380摄像头设备上的uc-http service 1.0.0版本中存在安全漏洞。攻击者可利用该漏洞获取设备的配置,无线扫描网络和敏感目录的信息。
Description
VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80.
File Snapshot

 id: CVE-2018-14064

info:
  name: VelotiSmart Wifi - Directory Traversal
  author: 0x_Akoko
  severi

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.