← back
CVE-2022-32761

CVE-2022-32761

CVSS 6.5 MEDIUMEPSS 2.4%CWE-73
In short

AVideo 11.6 has a flaw that allows attackers to read files from the server by sending specially crafted HTTP requests to the video encoder function. This exposes sensitive information stored on the server.

Technical detail

An information disclosure vulnerability in the aVideoEncoderReceiveImage endpoint allows unauthenticated or low-privileged attackers to read arbitrary files via specially-crafted HTTP requests. The vulnerability affects WWBN AVideo 11.6 and dev master, enabling file enumeration and exfiltration of sensitive data without authentication requirements.

Summary generated and translated by AI from the official description.
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
WWBN · AVideo

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sqlhttps://talosintelligence.com/vulnerability_reports/TALOS-2022-1549