8 matches found
Longjing Technology BEMS API 1.21 - Unauthenticated Arbitrary File Download
Longjing Technology BEMS API 1.21 is vulnerable to local file inclusion. Input passed through the fileName parameter through the downloads API endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files...
EUVD-2021-34715
Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the...
CVE-2021-4463
Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the...
CVE-2021-4463 Longjing Technology BEMS API <= 1.21 Remote Arbitrary File Download
Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the...
CVE-2021-4463
CVE-2021-4463 affects Longjing Technology BEMS API versions up to 1.21. The vulnerability exists in the downloads endpoint where the fileName parameter is not properly sanitized, enabling an attacker to perform path traversal and download arbitrary files outside the intended directory without aut...
CVE-2021-4463 Longjing Technology BEMS API <= 1.21 Remote Arbitrary File Download
Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the...
Longjing BEMS API 安全漏洞
The Longjing BEMS API is an interface to the Battery Energy Management System BEMS from China's Longjing. A security vulnerability exists in Longjing BEMS API version 1.21 and earlier, which stems from an arbitrary file download issue in the downloads endpoint that could result in access to...
PT-2025-46728
Name of the Vulnerable Software and Affected Versions Longjing Technology BEMS API versions up to and including 1.21 Description The software contains an unauthenticated arbitrary file download issue in the 'downloads' endpoint. The fileName parameter lacks proper sanitization, enabling attackers...