Vulnerabilities > Westerndigital > Arkeia Virtual Appliance Firmware > 10.2.7

DATE	CVE	VULNERABILITY TITLE	RISK
2014-04-28	CVE-2014-2846	Path Traversal vulnerability in Westerndigital Arkeia Virtual Appliance Firmware 10.2.7 Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin. network low complexity westerndigital CWE-22	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.