BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure

BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure
BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from an authenticated file disclosure vulnerability. Input passed via the ‘READ.filePath’ parameter in fileread script is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary files via absolute path or via the SendCGICMD API.