JVC VN-T IP Cameras Directory Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

A directory traversal vulnerability has been identified in JVC VN-T IP camera models, specifically in the VN-T216VPRU model, running firmware versions prior to 2016-08-22. The vulnerability exists in the 'check.cgi' endpoint, which accepts a user-controlled file parameter. This flaw allows an unauthenticated remote attacker to read arbitrary files from the device.

Impact

Exploitation of this vulnerability leads to local file disclosure, allowing attackers to read sensitive files from the device, such as configuration files containing credentials.

Reproduction

To reproduce this vulnerability, send a request to the 'check.cgi' endpoint with a crafted file parameter that includes directory traversal sequences, using the target camera's address and the appropriate port number in place of 'host' and 'port'. The response will include the contents of the requested file, which confirms the directory traversal.
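A defender-side check for this pattern, as an added example that is not part of the original advisory: it scans web access log lines for check.cgi requests whose file parameter decodes to a traversal sequence, including double-encoded and backslash variants. The combined log format, the parameter name "file", the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumptions: combined-format access log from a proxy in front of the camera;
# the query parameter is named "file" (the advisory says "file parameter").
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
PARAM = "file"

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value is absolute or contains a '..' segment."""
    normalized = fully_decode(value).replace("\\", "/")
    return normalized.startswith("/") or ".." in normalized.split("/")

def suspicious_check_cgi(log_line):
    """Return (client, decoded value) pairs for traversal attempts on check.cgi."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    client, target = match.group(1), urlsplit(match.group(2))
    if fully_decode(target.path).rsplit("/", 1)[-1].lower() != "check.cgi":
        return []
    values = parse_qs(target.query, keep_blank_values=True).get(PARAM, [])
    return [(client, fully_decode(v)) for v in values if is_traversal(v)]

# Constructed sample lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /x/check.cgi?file=status.txt HTTP/1.1" 200 120',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /x/check.cgi?file=..%2f..%2fconf%2fsample.cfg HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /x/check.cgi?file=%252e%252e%255cconf%255csample.cfg HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2025:10:00:12 +0000] "GET /x/index.html?file=../a HTTP/1.1" 200 90',
]

def scan(lines):
    """Collect every traversal hit across the given log lines."""
    return [hit for line in lines for hit in suspicious_check_cgi(line)]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"ALERT {client} check.cgi {PARAM}={value!r}")
```

A 200 response with a non-trivial body size on a flagged line is the signal to treat the device's stored credentials as exposed.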

Added: Nov 12, 2025, 11:08 PM
Updated: Nov 12, 2025, 11:08 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.9
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.