CVE-2023-6919 - OpenCVE

Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Biges	Vg-255a-bf Firmware Vg-64c8rd-nvr Firmware Vg-4c1a-lru Firmware Vg-8c1a-lrpu Firmware Vg-4c1a-lrpu Vg-255-df Vg-8c1a-lrpu Vg-4c1a-lrpu Firmware Vg-255-bv Firmware Vg-64c8rd-nvr Vg-255-bv Vg-4c1a-lru Vg-255a-bf Vg-8c1e-nvr Vg-4c1e-nvr Firmware Vg-8c1e-nvr Firmware Vg-255-df Firmware Vg-4c1e-nvr

Configuration 1 [-]

AND

cpe:2.3:o:biges:vg-4c1a-lru_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:biges:vg-4c1a-lru:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:biges:vg-4c1a-lrpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:biges:vg-4c1a-lrpu:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:biges:vg-255a-bf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:biges:vg-255a-bf:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:biges:vg-255-bv_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:biges:vg-255-bv:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:biges:vg-255-df_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:biges:vg-255-df:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:biges:vg-64c8rd-nvr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:biges:vg-64c8rd-nvr:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:biges:vg-4c1e-nvr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:biges:vg-4c1e-nvr:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:biges:vg-8c1e-nvr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:biges:vg-8c1e-nvr:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:biges:vg-8c1a-lrpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:biges:vg-8c1a-lrpu:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-24-0054	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: TR-CERT

Published: 2024-01-26T07:52:59.322Z

Updated: 2024-01-26T07:52:59.322Z

Reserved: 2023-12-18T13:06:02.237Z

Link: CVE-2023-6919

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-26T08:15:42.203

Modified: 2024-02-01T19:43:35.653

Link: CVE-2023-6919

JSON object: View

Redhat Information

No data.

CWE

CWE-25

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-6919", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2023-12-18T13:06:02.237Z", "datePublished": "2024-01-26T07:52:59.322Z", "dateUpdated": "2024-01-26T07:52:59.322Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "VGuard", "vendor": "Biges Safe Life Technologies Electronics Inc.", "versions": [{"lessThan": "V500.0003.R008.4011.C0012.B351.C", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Fatih YILMAZ"}], "datePublic": "2024-01-26T08:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.<p>This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C.</p>"}], "value": "Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C.\n\n"}], "impacts": [{"capecId": "CAPEC-597", "descriptions": [{"lang": "en", "value": "CAPEC-597 Absolute Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-25", "description": "CWE-25 Path Traversal: '/../filedir'", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2024-01-26T07:52:59.322Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0054"}], "source": {"advisory": "TR-24-0054", "defect": ["TR-24-0054"], "discovery": "UNKNOWN"}, "title": "Path Traversal in VGuard IP Camera Network Recorder", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:biges:vg-4c1a-lru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9EB930A-8960-4F13-9FA1-AF3A8ED5F284", "versionEndExcluding": "500.0003.r008.4011.c0012.b351.c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:biges:vg-4c1a-lru:-:*:*:*:*:*:*:*", "matchCriteriaId": "027FBB09-AB4B-4961-AF21-FE8F05B59FB4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:biges:vg-4c1a-lrpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "17756524-D6A2-44A5-A939-FBFFA0CA19E1", "versionEndExcluding": "500.0003.r008.4011.c0012.b351.c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:biges:vg-4c1a-lrpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "703496E4-753F-4DD3-9134-DE952B284049", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:biges:vg-255a-bf_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "49477B1C-4B2D-4291-B173-7A0835A27198", "versionEndExcluding": "500.0003.r008.4011.c0012.b351.c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:biges:vg-255a-bf:-:*:*:*:*:*:*:*", "matchCriteriaId": "F099A1C9-4EA9-49A0-8479-CE03A10D92C4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:biges:vg-255-bv_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D440B47-C2F2-405E-B46E-D47BB76D264A", "versionEndExcluding": "500.0003.r008.4011.c0012.b351.c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:biges:vg-255-bv:-:*:*:*:*:*:*:*", "matchCriteriaId": "026C9CBB-76DD-42C4-8112-6D90D601897E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:biges:vg-255-df_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA6C4B94-167C-4FCF-8152-D9BF26A8F41C", "versionEndExcluding": "500.0003.r008.4011.c0012.b351.c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:biges:vg-255-df:-:*:*:*:*:*:*:*", "matchCriteriaId": "71111E6B-B8CA-486E-8E19-1ACE9CC57C1B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:biges:vg-64c8rd-nvr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B6F0020-D212-43C9-96D5-5BD36C5C89D1", "versionEndExcluding": "500.0003.r008.4011.c0012.b351.c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:biges:vg-64c8rd-nvr:-:*:*:*:*:*:*:*", "matchCriteriaId": "888954F6-1182-42C4-BB02-E195FE73C7CD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:biges:vg-4c1e-nvr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0FA9FA9-78CA-4B7A-B9B9-15A3AFD08B4D", "versionEndExcluding": "500.0003.r008.4011.c0012.b351.c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:biges:vg-4c1e-nvr:-:*:*:*:*:*:*:*", "matchCriteriaId": "F755B81D-C702-46CE-9AB5-697686E4E7CA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:biges:vg-8c1e-nvr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "24D79F3F-52BF-4107-9B0F-F4DCD6B35E07", "versionEndExcluding": "500.0003.r008.4011.c0012.b351.c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:biges:vg-8c1e-nvr:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BEF4458-2DCF-4064-BAD7-F80573DDC22F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:biges:vg-8c1a-lrpu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BF11C5A-1130-42C9-BAB8-5F481CE6E061", "versionEndExcluding": "500.0003.r008.4011.c0012.b351.c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:biges:vg-8c1a-lrpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F9637FC-968F-463A-9FB4-864D1FDB056E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de Path Traversal: '/../filedir' en Biges Safe Life Technologies Electronics Inc. VGuard permite Absolute Path Traversal. Este problema afecta a VGuard: antes de V500.0003.R008.4011.C0012.B351.C."}], "id": "CVE-2023-6919", "lastModified": "2024-02-01T19:43:35.653", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "iletisim@usom.gov.tr", "type": "Primary"}]}, "published": "2024-01-26T08:15:42.203", "references": [{"source": "iletisim@usom.gov.tr", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-24-0054"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-25"}], "source": "iletisim@usom.gov.tr", "type": "Primary"}]}