GCVE - cpe:2.3:o:androvideo:vd_1_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:androvideo:vd_1_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Androvideo (`5718b93d-4e95-5de3-a12e-86245bc2079f`)
Product	Vd 1 Firmware (`362f5aae-9df8-559a-b914-3685d52dfc6d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-13408`	vulnerable	2026-06-08 05:12:42.222370	Advan VD-1 allows users to download arbitrary files A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. Published: 2019-08-29T00:18:52.900Z Updated: 2024-09-17T01:26:55.568Z Open on db.gcve.eu Reference links https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md https://tvn.twcert.org.tw/taiwanvn/TVN-201906009 http://surl.twcert.org.tw/2bvXq	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-13407`	vulnerable	2026-06-08 05:12:42.219233	Advan VD-1 has a reflected XSS vulnerability in page cgibin/ssi.cgi A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly. Published: 2019-08-29T00:19:39.243Z Updated: 2024-09-16T22:16:10.244Z Open on db.gcve.eu Reference links https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md https://tvn.twcert.org.tw/taiwanvn/TVN-201906008 http://surl.twcert.org.tw/SpTwh	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-13406`	vulnerable	2026-06-08 05:12:42.218729	Advan VD-1 has a vulnerability that allows remote arbitrary APK installation A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication. Published: 2019-08-29T00:19:32.626Z Updated: 2024-09-16T23:16:16.188Z Open on db.gcve.eu Reference links https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md https://tvn.twcert.org.tw/taiwanvn/TVN-201906007 http://surl.twcert.org.tw/hVut7	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11064`	vulnerable	2026-06-08 05:12:26.347985	A vulnerability of remote credential disclosure was discovered in Advan VD-1 A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication. Published: 2019-08-29T00:19:17.490Z Updated: 2024-09-17T00:36:59.288Z Open on db.gcve.eu Reference links https://tvn.twcert.org.tw/taiwanvn/TVN-201906005 http://surl.twcert.org.tw/gCDQN https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.