Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Path Traversal

Carel pCOWeb HVAC BACnet Gateway 2.1.0 contains an unauthenticated arbitrary file disclosure caused by improper verification of the 'file' GET parameter in logdownload.cgi, letting attackers disclose sensitive files via directory traversal, exploit requires no authentication. id: CVE-2022-37122...

EUVD-2022-39775

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly...

Carel pCOWeb HVAC BACnet Gateway 路径遍历漏洞

Carel pCOWeb is a programmable control card. A security vulnerability exists in Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware versions A2.1.0 - B2.1.0, Application Software version 2.15.4A, and Software v16 13020200, which stems from the presence of an unauthenticated Arbitrary File Disclosure...