Skip to content
Home » Motu AVB Directory Traversal Vulnerability and Exploit (CVE-2020-8009)

Motu AVB Directory Traversal Vulnerability and Exploit (CVE-2020-8009)

We’ve found that MOTU AVB devices contain a directory traversal vulnerability. During testing, we were able to append characters to the end of the URL and manipulate the application to display local files.

For example, when using the URL of

http://<<host>>:1280/../../../../../../../../../../../../etc/passwd

The application responds with the listing of the /etc/passwd file.

The vendor has not acknowledged this vulnerability and therefore no patch or fix exists. We recommend removing any external network access that this device may have.