id: avtech-dvr-exposure info: name: Avtech AVC798HA DVR Information Exposure author: geeknik severity: low description: CGI programs under the /cgi-bin/nobody directry can be accessed without authentication. reference: - http://www.avtech.com.tw/ tags: dvr,exposure,avtech requests: - method: GET path: - "{{BaseURL}}/cgi-bin/nobody/Machine.cgi?action=get_capability" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "Firmware.Version=" - "MACAddress=" - "Product.Type=" condition: and