CVE-2007-4583

critical

Description

Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method.

References

https://www.exploit-db.com/exploits/4324

https://www.exploit-db.com/exploits/4323

https://exchange.xforce.ibmcloud.com/vulnerabilities/36304

https://exchange.xforce.ibmcloud.com/vulnerabilities/36303

http://www.vupen.com/english/advisories/2007/2993

http://www.securityfocus.com/bid/25465

http://secunia.com/advisories/26622

http://osvdb.org/38387

http://osvdb.org/38386

Details

Source: Mitre, NVD

Published: 2007-08-29

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.12006