Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL.
http://www.securityfocus.com/bid/15281
http://secunia.com/advisories/17419