CVE-2020-8009

AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:motu:avb_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:motu:112d:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:1248:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:16a:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:24ai:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:24ao:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:624:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:828es:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:828x:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:8a:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:8d:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:8m:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:8pre-es:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:avb:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:lp32:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:m64:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:monitor_8:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:moto_avb_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:stage-b16:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:ultralite-mk4:-:*:*:*:*:*:*:*
cpe:2.3:h:motu:ultralite_avb:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:38

Type Values Removed Values Added
References () https://www.securenetworkinc.com/news/2020/1/22/new-vulnerability-motu-avb-directory-traversal - Exploit, Third Party Advisory () https://www.securenetworkinc.com/news/2020/1/22/new-vulnerability-motu-avb-directory-traversal - Exploit, Third Party Advisory

Information

Published : 2020-01-27 14:15

Updated : 2024-11-21 05:38


NVD link : CVE-2020-8009

Mitre link : CVE-2020-8009

CVE.ORG link : CVE-2020-8009


JSON object : View

Products Affected

motu

  • 8m
  • monitor_8
  • 112d
  • stage-b16
  • 24ao
  • ultralite_avb
  • lp32
  • 8d
  • 8pre-es
  • 1248
  • moto_avb_switch
  • avb_firmware
  • avb
  • 828es
  • 16a
  • 24ai
  • 624
  • 828x
  • m64
  • ultralite-mk4
  • 8a
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')