CVE-2011-4716

DreamBox DM800 Firmware < 1.6 - Path Traversal via File Parameter

Exploitation Summary

EIP tracks 3 public exploits for CVE-2011-4716. PoCs published by Todor Donev, ShellVision.

AI-analyzed exploit summary: The provided text describes a local file disclosure vulnerability in DreamBox DM800 versions 1.5rc1 and prior. It lacks executable exploit code, instead offering a generic URL pattern for exploitation.

Description

Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter.

Exploits (3)

exploitdb WRITEUP VERIFIED
by Todor Donev · text, webapps, hardware
https://www.exploit-db.com/exploits/36286

The provided text describes a local file disclosure vulnerability in DreamBox DM800 versions 1.5rc1 and prior. It lacks executable exploit code, instead offering a generic URL pattern for exploitation.

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: DreamBox DM800 versions 1.5rc1 and prior
No auth needed
Prerequisites: Network access to the vulnerable DreamBox DM800 device
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by ShellVision · text, remote, hardware
https://www.exploit-db.com/exploits/17422

This exploit demonstrates an arbitrary file download vulnerability in DreamBox DM800 via directory traversal in the HTTP GET method. It allows attackers to access sensitive files like /etc/shadow without authentication.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: DreamBox DM800 <= 1.6rc3
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by Todor Donev · perl, remote, hardware
https://www.exploit-db.com/exploits/18079

This Perl script exploits a remote file disclosure vulnerability in DreamBox DM800 <= 1.5rc1 by sending a crafted HTTP request to retrieve arbitrary files from the target device. The exploit leverages a path traversal flaw in the web interface to read sensitive files like /etc/passwd.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: DreamBox DM800 <= 1.5rc1
No auth needed
Prerequisites: Network access to the target device · Web interface exposed on the target
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18079
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/50520

Scores

EPSS 0.0254
EPSS Percentile 85.9%

Details

CWE: CWE-22
Status: published
Products (6)
dream-multimedia-tv/dreambox_dm800_hd_pvr
dream-multimedia-tv/dreambox_dm800_hd_pvr_firmware 1.5 rc1
dream-multimedia-tv/dreambox_dm800_hd_pvr_firmware 1.6 rc3
dream-multimedia-tv/dreambox_dm800_hd_se
dream-multimedia-tv/dreambox_dm800_hd_se_firmware 1.5 rc1
dream-multimedia-tv/dreambox_dm800_hd_se_firmware < 1.6
Published Dec 08, 2011
Tracked Since Feb 18, 2026