[] NeoSense
E X P L O I T S
title author type platform port cve id

VelotiSmart WiFi B-380 Camera - Directory Traversal

Author: Miguel Mendez Z
type: webapps
platform: hardware
port: 80.0
date_added: 2018-07-16 
date_updated: 2018-07-16 
verified: 0 
codes: CVE-2018-14064 
tags: Traversal
aliases:  
screenshot_url:  
application_url: 
Title: Vulnerability in VelotiSmart Wifi - Directory Traversal
Date: 12-07-2018
Scope: Directory Traversal
Platforms: Unix
Author: Miguel Mendez Z
Vendor: VelotiSmart
Version: B380
CVE: CVE-2018–14064


Vulnerability description
-------------------------
- The vulnerability that affects the device is LFI type in the uc-http service 1.0.0. What allows to obtain information of configurations, wireless scanned networks, sensitive directories, etc. Of the device.

Vulnerable variable:
http://domain:80/../../etc/passwd

Exploit link:
https://github.com/s1kr10s/ExploitVelotiSmart

Poc:
https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.