Title
-----
DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal

Severity
--------
High

Date Discovered
---------------
January 22, 2013

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: r@b13$

Vulnerability Description
-------------------------
The EverFocus EPARA264-16X1 DVR allows unauthenticated remote users to retrieve arbitrary system files that are located outside of the web root through a directory traversal on port 80.

Solution Description
--------------------
EverFocus has provided a solution for this security issue in the form of a firmware upgrade. EPARA264-16X1 devices with firmware version 1.0.3 or later are not affected by the security issue. The firmware update is available from EverFocus technical support.

Tested Systems / Software
-------------------------
EverFocus EPARA264-16X1 Firmware Version 1.0.2

Vendor Contact
--------------
Vendor Name: EverFocus
Vendor Website: http://www.everfocus.com/