| 제목 | Mercury MNVR816 Video Recorder 2.0.1.0.5 File and Directory Information Exposure |
|---|
| 설명 |
# An unauthenticated web interface in Mercury-MNVR816 Video Recorder
## Overview
* Type: Information leak
* Supplier: Mercury
* Victim URL: http://192.168.1.240/web-static/
* Product: MNVR816
* Affect version: (lastest) 2.0.1.0.5
* Firmware download: https://service.mercurycom.com.cn/download-2582.html
## Description
An unauthenticated web interface is able to leak local files of the affected video recorder devices. Without any permission, attackers can get sensitive information about the device from the victim URL.
The victim URL is a hidden interface and hasn't been protected by any authentication and authorization.
## Business Impact
The unauthenticated web interface could lead to serious damage. Thus the vulnerability is very dangerous which could also result in reputational damage for the business through the impact on customers' trust.
## Steps to Reproduce
Visit the victim URL from the web, and you can browse the local files without any permission.
|
|---|
| 사용자 | leetmoon (UID 42673) |
|---|
| 제출 | 2024. 09. 02. AM 09:28 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 09. 10. PM 03:11 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 276963 [Mercury MNVR816 까지 2.0.1.0.5 /web-static/ 권한 상승] |
|---|
| 포인트들 | 17 |
|---|