filedir' vulnerability in Biges products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

biges

CWE-25

NVD

Published: 2024-01-26

Updated: 2024-02-01

Summary

Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C.

Vulnerable Configurations

Part	Description	Count
OS	Biges Biges VG 4C1A LRU Firmware * Biges VG 4C1A Lrpu Firmware * Biges VG 255A BF Firmware * Biges VG 255 BV Firmware * Biges VG 255 DF Firmware * Biges VG 64C8Rd NVR Firmware * Biges VG 4C1E NVR Firmware * Biges VG 8C1E NVR Firmware * Biges VG 8C1A Lrpu Firmware *	9
Hardware	Biges Biges VG 4C1A LRU - Biges VG 4C1A Lrpu - Biges VG 255A BF - Biges VG 255 BV - Biges VG 255 DF - Biges VG 64C8Rd NVR - Biges VG 4C1E NVR - Biges VG 8C1E NVR - Biges VG 8C1A Lrpu -	9

Common Weakness Enumeration (CWE)

CWE-25 - Path Traversal: '/../filedir'

References

https://www.usom.gov.tr/bildirim/tr-24-0054