CVE-2006-3604

FlexWATCH Network Camera <= 3.0 - Directory Traversal via Dot-Dot-Encoded Slash Sequence

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3604. PoCs published by Jaime Blasco.

AI-analyzed exploit summary The exploit describes an authorization bypass vulnerability in FlexWatch versions 3.0 and prior. It leverages a path traversal technique using '/..%2f' to access administrative pages without proper authentication.

Description

Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to bypass access restrictions for (1) admin/aindex.asp or (2) admin/aindex.html via a .. (dot dot) and encoded / (%2f) sequence in the URL.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Jaime Blasco · textwebappsasp

https://www.exploit-db.com/exploits/28208

View Code ZIP pw:eip

The exploit describes an authorization bypass vulnerability in FlexWatch versions 3.0 and prior. It leverages a path traversal technique using '/..%2f' to access administrative pages without proper authentication.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: FlexWatch 3.0 and prior

No auth needed

Prerequisites: Network access to the target system · Knowledge of the target URL structure

MITRE ATT&CK