CVE-2011-4880

atvise webMI2ADS < 2.0.2 - Path Traversal via Crafted HTTP Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4880.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in atvise webMI2ADS, including directory traversal, NULL pointer dereference, remote shutdown, and resource consumption via crafted HTTP requests. It provides functional proof-of-concept code using external tools like 'mydown' and 'udpsz'.

Description

Directory traversal vulnerability in the web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to read arbitrary files via a crafted HTTP request.

Exploits (1)

exploitdb WORKING POC

doswindows

https://www.exploit-db.com/exploits/17963

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in atvise webMI2ADS, including directory traversal, NULL pointer dereference, remote shutdown, and resource consumption via crafted HTTP requests. It provides functional proof-of-concept code using external tools like 'mydown' and 'udpsz'.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: atvise webMI2ADS <= 1.0

No auth needed

Prerequisites: Network access to the target server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1005 - Data from Local System T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

US Government Resource x_refsource_misc

http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf

Scores

EPSS 0.0553

EPSS Percentile 91.8%

Details

CWE

CWE-22

Status published

Products (3)

atvise/webmi2ads 1.0

atvise/webmi2ads 2.0

atvise/webmi2ads < 2.0.1

Published Apr 13, 2012

Tracked Since Feb 18, 2026