CVE-2018-15745

HIGH IN THE WILD NUCLEI

Argus Surveillance DVR 4.0.0.0 - Directory Traversal

Title source: metasploit

Description

Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.

Exploits (3)

exploitdb WORKING POC VERIFIED
by hyp3rlinx · textwebappswindows_x86
https://www.exploit-db.com/exploits/45296
nomisec WORKING POC
by Jasurbek-Masimov · poc
https://github.com/Jasurbek-Masimov/CVE-2018-15745
metasploit WORKING POC
by Maxwell Francis, John Page · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/argus_dvr_4_lfi_cve_2018_15745.rb

Nuclei Templates (1)

Argus Surveillance DVR 4.0.0.0 - Local File Inclusion
HIGHby gy741
Shodan: http.title:"web viewer for samsung dvr"
FOFA: title="web viewer for samsung dvr"

References (3)

Scores

CVSS v3 7.5
EPSS 0.8869
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

InTheWild.io 2023-05-11
CWE
CWE-22
Status published
Products (1)
argussurveillance/dvr 4.0.0.0
Published Aug 30, 2018
Tracked Since Feb 18, 2026