July 4, 2022

Motu AVB Directory Traversal Vulnerability and Exploit (CVE-2020-8009)

We’ve found that MOTU AVB devices contain a directory traversal vulnerability. During testing, we were able to append characters to the end of the URL and manipulate the application to display local files.

For example, when using the URL of

http://<<host>>:1280/../../../../../../../../../../../../etc/passwd

The application responds with the listing of the /etc/passwd file.

The vendor has not acknowledged this vulnerability and therefore no patch or fix exists. We recommend removing any external network access that this device may have.

Keep going

Explore More

How I Would Hack You: February Webinar

Join us in our first installment of our 2024 webinar series! This one features James Carroll and Eric Fiske discussing some of the most common ways attackers are gaining access networks, systems, and user accounts.

February 12, 2024

The HacketCast Episode 5: Debunking Cybersecurity Myths

Join James Carroll and Eric Fiske as they dive into some of the most common misonceptions and cybersecurity myths.

January 9, 2024

The HacketCast Episode 4: Adams Penetration Testing Journey

Join James Carroll and Adam Pawloski as they discuss Adams penetration testing journey from Best Buy delivery driver to senior penetration tester!

November 4, 2023

Hacket provides unparalleled cybersecurity expertise including penetration testing, social engineering, red teaming, purple teaming, and more.