CVE-2018-16739

2023-10-2600:00:00

mitre

www.cve.org

abus tvip devices

path traversal

vulnerability

root privileges

code execution

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

40.2%

JSON

An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.

References

sec.maride.cc/posts/abus/

www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen