A sample CGI download program is included with KDDI’s EZFactory for downloading and saving data such as images and ringtones to EZweb compatible cellular phones. A directory traversal vulnerability exists in this program.
A remote anauthenticated attacker could access files on the server where this sample CGI download program is installed. This could lead to unintentional disclosure of file contents.
Update the Software
Please update to the version with CGI download security provided by the vendor.