2 matches found
๐ ABB Cylon FLXeon 9.3.5 siteGuide.js Authenticated Directory Traversal
The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated file traversal via the /api/siteGuide endpoint. An attacker with valid credentials can manipulate the filename parameter to move and access or overwrite arbitrary files. The issue arises due to improper input validation in...
TOTOLINK X18 ๅฝไปคๆณจๅ ฅๆผๆด
TOTOLINK X18 is a mesh router system from China's Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK X18 version V9.1.0cu.2024B20220329, which originates from a command injection vulnerability via the ip parameter in the setDiagnosisCfg function...