VAR-201112-0306
Vulnerability from variot - Updated: 2025-04-11 23:05Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter. DreamBox DM800 is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. DreamBox DM800 versions 1.5rc1 and prior are vulnerable. Dreambox is a Linux-based digital TV set-top box produced by Dream Multimedia in Germany
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0306",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dreambox dm800 hd pvr",
"scope": "eq",
"trust": 1.6,
"vendor": "dream multimedia tv",
"version": "1.6"
},
{
"model": "dreambox dm800 hd pvr",
"scope": "eq",
"trust": 1.6,
"vendor": "dream multimedia tv",
"version": "1.5"
},
{
"model": "dreambox dm800 hd se",
"scope": "eq",
"trust": 1.6,
"vendor": "dream multimedia tv",
"version": "1.5"
},
{
"model": "dreambox dm800 hd se",
"scope": "lte",
"trust": 1.0,
"vendor": "dream multimedia tv",
"version": "1.6"
},
{
"model": "dreambox dm800 hd se",
"scope": "eq",
"trust": 1.0,
"vendor": "dream multimedia tv",
"version": null
},
{
"model": "dreambox dm800 hd pvr",
"scope": "eq",
"trust": 1.0,
"vendor": "dream multimedia tv",
"version": null
},
{
"model": "dm800 hd pvr",
"scope": null,
"trust": 0.8,
"vendor": "dream property",
"version": null
},
{
"model": "dm800 hd pvr",
"scope": "eq",
"trust": 0.8,
"vendor": "dream property",
"version": "1.5rc1"
},
{
"model": "dm800 hd pvr",
"scope": "eq",
"trust": 0.8,
"vendor": "dream property",
"version": "1.6rc3"
},
{
"model": "dm800 hd se",
"scope": null,
"trust": 0.8,
"vendor": "dream property",
"version": null
},
{
"model": "dm800 hd se",
"scope": "eq",
"trust": 0.8,
"vendor": "dream property",
"version": "1.5rc1"
},
{
"model": "dm800 hd se",
"scope": "eq",
"trust": 0.8,
"vendor": "dream property",
"version": "1.6rc3"
},
{
"model": "dreambox dm800 hd se",
"scope": "eq",
"trust": 0.6,
"vendor": "dream multimedia tv",
"version": "1.6"
},
{
"model": "multimedia dreambox dm800",
"scope": null,
"trust": 0.3,
"vendor": "dream",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "50520"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003334"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-131"
},
{
"db": "NVD",
"id": "CVE-2011-4716"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:dream-multimedia-tv:dreambox_dm800_hd_pvr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:dream-multimedia-tv:dreambox_dm800_hd_pvr_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dream-multimedia-tv:dreambox_dm800_hd_se",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:dream-multimedia-tv:dreambox_dm800_hd_se_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003334"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Todor Donev",
"sources": [
{
"db": "BID",
"id": "50520"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-167"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4716",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2011-4716",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-52661",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-4716",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-4716",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-131",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-52661",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52661"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003334"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-131"
},
{
"db": "NVD",
"id": "CVE-2011-4716"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter. DreamBox DM800 is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. \nExploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. \nDreamBox DM800 versions 1.5rc1 and prior are vulnerable. Dreambox is a Linux-based digital TV set-top box produced by Dream Multimedia in Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4716"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003334"
},
{
"db": "BID",
"id": "50520"
},
{
"db": "VULHUB",
"id": "VHN-52661"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-52661",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52661"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4716",
"trust": 2.8
},
{
"db": "BID",
"id": "50520",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "18079",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003334",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201112-131",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201111-167",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-71796",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-72301",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "17422",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "36286",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-52661",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52661"
},
{
"db": "BID",
"id": "50520"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003334"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-167"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-131"
},
{
"db": "NVD",
"id": "CVE-2011-4716"
}
]
},
"id": "VAR-201112-0306",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-52661"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T23:05:46.912000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dream-multimedia-tv.de/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003334"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52661"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003334"
},
{
"db": "NVD",
"id": "CVE-2011-4716"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/50520"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/18079"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4716"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4716"
},
{
"trust": 0.3,
"url": "http://www.dream-multimedia-tv.de"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52661"
},
{
"db": "BID",
"id": "50520"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003334"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-167"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-131"
},
{
"db": "NVD",
"id": "CVE-2011-4716"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-52661"
},
{
"db": "BID",
"id": "50520"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003334"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-167"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-131"
},
{
"db": "NVD",
"id": "CVE-2011-4716"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-52661"
},
{
"date": "2011-11-04T00:00:00",
"db": "BID",
"id": "50520"
},
{
"date": "2011-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003334"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-167"
},
{
"date": "2011-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-131"
},
{
"date": "2011-12-08T19:55:08.233000",
"db": "NVD",
"id": "CVE-2011-4716"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-52661"
},
{
"date": "2011-12-13T18:28:00",
"db": "BID",
"id": "50520"
},
{
"date": "2011-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003334"
},
{
"date": "2011-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-167"
},
{
"date": "2012-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-131"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-4716"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-167"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-131"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DreamBox DM800 Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003334"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-131"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…