Path traversal

2019-08-2901:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.9%

JSON

A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication.

CPENameOperatorVersion
vd_1_firmwarele230
gv-vd8700_firmwarele1.01
gv-vr360_firmwarele1.10

Name	Operator	Version
vd_1_firmware	le	230
gv-vd8700_firmware	le	1.01
gv-vr360_firmware	le	1.10

References

surl.twcert.org.tw/2bvXq

gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b

tvn.twcert.org.tw/taiwanvn/TVN-201906009