CVE-2019-7315
HIGH NUCLEIGenie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera <3.x ...
Title source: llmExploitation Summary
CVE-2019-7315 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, and its final firmware version has this vulnerability (4.x versions exist only for other Genie Access products).
Nuclei Templates (1)
Genie Access WIP3BVAF IP Camera - Local File Inclusion
HIGHby 0x_Akoko
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://labs.nettitude.com/blog/cve-2019-7315-genie-access-wip3bvaf-ip-camera-directory-traversal/
Scores
CVSS v3
7.5
EPSS
0.1120
EPSS Percentile
95.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
genieaccess/wip3bvaf_firmware
< 3.0
Published
Jun 17, 2019
Tracked Since
Feb 18, 2026