MEDIUM: 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Product status
Default status: unaffected. Affected: 0.0.0 (semver) before Firmware v3.2.0
Default status: unaffected. Affected: 0.0.0 (semver) before Firmware v3.2.0
Default status: unaffected. Affected: 0.0.0 (semver) before Firmware v3.2.0
Default status: unaffected. Affected: 0.0 (semver) before Firmware v6.0
Default status: unaffected. Affected: 0.0 (semver) before Firmware v6.0
Default status: unaffected. Affected: 0.0 (semver) before Firmware v6.0
Description
A low-privileged remote attacker can upload arbitrary data masked as a PNG file to the affected device using the webserver API, because only the file extension is verified.
Problem types
CWE-646: Reliance on File Name or Extension of Externally-Supplied File
Credits
Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse
References
sauter.csaf-tp.certvde.com/...f/white/2025/vde-2025-060.json