3 matches found
CVE-2022-38451
CVE-2022-38451 is a directory traversal vulnerability in FreshTomato 2022.5 (and related firmware derived from it, e.g., Siretta QUARTZ-GOLD). TALOS-2022-1642 documents a flaw in FreshTomato’s httpd update.cgi: the wo_update path builds /var/notice/ from an unsanitized exec/arg parameter, leading...
CVE-2022-38451
A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-38451
A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability...