
Exploit for VelotiSmart Wifi - Directory Traversal (CVE-2018-14064)

Description:

VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80.

Nuclei Template

View the template here: CVE-2018-14064.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-14064.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-14064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14064
https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac
https://github.com/ARPSyndicate/kenzer-templates
https://www.exploit-db.com/exploits/45030