Vulnerabilities > CVE-2021-30173 - Absolute Path Traversal vulnerability in Junhetec Omnidirectional Communication System 2007.2103

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

junhetec

CWE-36

NVD

Published: 2021-05-07

Updated: 2021-05-18

Summary

Local File Inclusion vulnerability of the omni-directional communication system allows remote authenticated attacker inject absolute path into Url parameter and access arbitrary file.

Vulnerable Configurations

Part	Description	Count
Application	Junhetec Junhetec Omnidirectional Communication System 2007.2103	1

Common Weakness Enumeration (CWE)

CWE-36 - Absolute Path Traversal

References

https://www.twcert.org.tw/tw/cp-132-4712-7ade4-1.html