CVE-2013-6023

EXPLOITED

TVT Dvr < 3.2.0.p-3520a-03 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI.

Exploits (1)

exploitdb WORKING POC

by Cesar Neira · textwebappshardware

https://www.exploit-db.com/exploits/29959

View Code ZIP pw:eip

References (4)

[Various Sources] http://alguienenlafisi.blogspot.com/2013/10/dvr-tvt-directory-traversal.html

[Exploit] http://www.exploit-db.com/exploits/29959

[US Government Resource] http://www.kb.cert.org/vuls/id/785838

[Exploit] http://www.securityfocus.com/bid/63360

Scores

EPSS 0.1811

EPSS Percentile 95.2%

Details

VulnCheck KEV 2020-12-01

CWE

CWE-22

Status published

Products (18)

tvt/dvr td-2308ss-b

tvt/dvr_firmware 3.1.6.p-1.0.2.1-03

tvt/dvr_firmware 3.1.7.b-1.0.2.1-00

tvt/dvr_firmware 3.1.43.b

tvt/dvr_firmware 3.1.43.p

tvt/dvr_firmware 3.1.75.b-1.0.2.1-00

tvt/dvr_firmware 3.1.81.b-1.0.2.1-00

tvt/dvr_firmware 3.1.83.b-1.0.2.1-00

tvt/dvr_firmware 3.1.83.p-1.0.4.2-03

tvt/dvr_firmware 3.1.87.p-1.0.4.2-17

... and 8 more

Published Nov 02, 2013

Tracked Since Feb 18, 2026