CVE-2019-13408— Advan VD-1 allows users to download arbitrary files
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-13408
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Advan VD-1 allows users to download arbitrary files
Source: NVD (National Vulnerability Database)
Vulnerability Description
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
相对路径遍历
Source: NVD (National Vulnerability Database)
Vulnerability Title
AndroVideo Advan VD-1 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AndroVideo Advan VD-1是中国台湾AndroVideo公司的一款安防摄像头。 使用230及之前版本固件的AndroVideo Advan VD-1中存在路径遍历漏洞。该漏洞源于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞访问受限目录之外的位置。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| AndroVideo | Advan VD-1 firmware | up to 230 | - |
II. Public POCs for CVE-2019-13408
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-13408
请登录查看更多情报信息。
- http://surl.twcert.org.tw/2bvXqx_refsource_CONFIRM
- https://tvn.twcert.org.tw/taiwanvn/TVN-201906009x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2019-13408
Same Patch Batch · AndroVideo · 2019-08-29 · 5 CVEs total
| CVE-2019-11064 | A vulnerability of remote credential disclosure was discovered in Advan VD-1 | |
| CVE-2019-13405 | Advan VD-1 allows a remote user to enable Android Debug Bridge without any authentication | |
| CVE-2019-13406 | Advan VD-1 has a vulnerability that allows remote arbitrary APK installation | |
| CVE-2019-13407 | Advan VD-1 has a reflected XSS vulnerability in page cgibin/ssi.cgi |
IV. Related Vulnerabilities
Same product: Advan VD-1 firmware
Same vendor: AndroVideo
Same weakness: CWE-23
- CVE-2026-8209
Gibbon<30.0.01路径遍历漏洞导致拒绝服务 - CVE-2026-43533
OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot M - CVE-2026-43616
Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write - CVE-2026-42085
OpenC3 COSMOS: Arbitrary write to plugins directory via path - CVE-2026-22070
ColorOS Assistant Path Traversal Vulnerability
V. Comments for CVE-2019-13408
No comments yet