Hillstone Networks

RULE（RULE ID：324158）

Rule General Information


Release Date:		2020-01-20

Rule Name:		Argus Surveillance DVR Directory Traversal Vulnerability (CVE-2018-15745)

Severity:

CVE ID:

Rule Protection Details


Description:		Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Windows, Network Device, Others

Reference:		ExploitDB:45296 http://hyp3rlinx.altervista.org/advisories/ARGUS-SURVEILLANCE-DVR-v4-UNAUTHENTICATED-PATH-TRAVERSAL-FILE-DISCLOSURE.txt http://packetstormsecurity.com/files/149134/Argus-Surveillance-DVR-4.0.0.0-Directory-Traversal.html

Solutions

The vendors have released upgrade patches to fix vulnerabilities, please visit:
http://www.argussurveillance.com/