CVE-2019-20085

HIGH KEV NUCLEI

TVT Nvms-1000 Firmware - Path Traversal

Title source: rule

Description

TVT NVMS-1000 devices allow GET /.. Directory Traversal

Exploits (7)

exploitdb WORKING POC

by Mohin Paramasivam · pythonwebappshardware

https://www.exploit-db.com/exploits/48311

View Code ZIP pw:eip

exploitdb WORKING POC

by numan türle · textwebappshardware

https://www.exploit-db.com/exploits/47774

View Code ZIP pw:eip

nomisec WORKING POC 6 stars

by AleDiBen · infoleak

https://github.com/AleDiBen/NVMS1000-Exploit

View Code ZIP pw:eip

nomisec WORKING POC

by Z3R0space · poc

https://github.com/Z3R0space/CVE-2019-20085

View Code ZIP pw:eip

nomisec WORKING POC

by Z3R0-0x30 · infoleak

https://github.com/Z3R0-0x30/CVE-2019-20085

View Code ZIP pw:eip

nomisec WORKING POC

by 0hmsec · infoleak

https://github.com/0hmsec/NVMS-1000-Directory-Traversal-Bash

View Code ZIP pw:eip

metasploit WORKING POC

by Numan Türle, Dhiraj Mishra · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/tvt_nvms_traversal.rb

View Code ZIP pw:eip

Nuclei Templates (1)

TVT NVMS 1000 - Local File Inclusion

HIGHby daffainfo

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/157196/TVT-NVMS-1000-Directory-Traversal.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/47774

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-20085

Scores

CVSS v3 7.5

EPSS 0.9397

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-11-03

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2019-10641

CWE

CWE-22

Status published

Products (1)

tvt/nvms-1000_firmware

Published Dec 30, 2019

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026