Company News

New Vulnerability – MOTU AVB Directory Traversal CVE-2020-8009
By: james@securenetworkinc.com
January 22, 2020

SNT found that MOTU AVB devices contain a directory traversal vulnerability. During testing, SNT was able to append characters to the end of the URL and manipulate the application to display local files.

For example, when using the URL of

http://<<host>>:1280/../../../../../../../../../../../../etc/passwd

The application responds with the listing of the /etc/passwd file.

The vendor has not acknowledged this vulnerability and therefore no patch or fix exists. SNT recommends removing any external network access that this device may have.

Credit: James Carroll and Adam Pawloski, Secure Network Technologies, Inc.

Download the Emergency Response Handbook

So you’re under attack. It will happen to every business and professional at some time or another. Be prepared with our Emergency Response Handbook – it will walk you through the first actions you need to take when experiencing a cyber attack.