exploitDog

GHSA-7crf-438p-2fw4

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.

MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.

Ссылки

EPSS

Процентиль: 98%

0.5789

Средний

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2021-23241

CVSS3: 5.3

nvd

около 5 лет назад

MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.

EPSS

Процентиль: 98%

0.5789

Средний

CVE ID

Дефекты

CWE-22