CRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Default status: unaffected; 0.0.0 (semver) before Firmware v3.2.0: affected
Default status: unaffected; 0.0.0 (semver) before Firmware v3.2.0: affected
Default status: unaffected; 0.0.0 (semver) before Firmware v3.2.0: affected
Default status: unaffected; 0.0 (semver) before Firmware v6.0: affected
Default status: unaffected; 0.0 (semver) before Firmware v6.0: affected
Default status: unaffected; 0.0 (semver) before Firmware v6.0: affected
Description
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations.
Problem types
CWE-35: Path Traversal: '.../...//'
Product status
0.0.0 (semver) before Firmware v3.2.0
0.0.0 (semver) before Firmware v3.2.0
0.0.0 (semver) before Firmware v3.2.0
0.0 (semver) before Firmware v6.0
0.0 (semver) before Firmware v6.0
0.0 (semver) before Firmware v6.0
Credits
Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse S+T
References
sauter.csaf-tp.certvde.com/...f/white/2025/vde-2025-060.json