CVE-2007-3692

Name of the Vulnerable Software and Affected Versions EZFactory KDDI Download CGI version 1.x

Description The issue allows remote attackers to read and download arbitrary files due to a directory traversal vulnerability in the download.cgi component. This is achieved by including a .. (dot dot) in the name parameter.

Recommendations For EZFactory KDDI Download CGI version 1.x, consider restricting access to the download.cgi component until a patch is available. As a temporary workaround, avoid using the name parameter in the download.cgi API endpoint to minimize the risk of exploitation.