4 matches found
CVE-2021-43930
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system...
CVE-2021-43930 Elcomplus SmartPtt Path Traversal
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system...
CVE-2021-43930
CVE-2021-43930 affects Elcomplus SmartPTT/SmartPTT SCADA Server backup and restore functionality. The root cause is improper validation of download requests in the backup/restore path traversal flow, enabling an attacker to access files outside the intended directory. Exploitation could allow dow...
Elcomplus SmartPTT SCADA
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor: Elcomplus Equipment: SmartPTT Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, Cross-site Scripting 2. RISK EVALUATION Successful exploitation...