PT-2017-17601 · Miele Professional · Pst10 Webserver+1

Jens Regel · Published 2017-03-24 · Updated 2017-08-16 · CVE-2017-7240

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Miele Professional PST10 devices versions 2.02 through 2.12
Miele Professional PST10 devices versions 2.51 through 2.61
Miele Professional PST10 devices versions 2.52 through 2.62
Miele Professional PST10 devices versions 2.54 through 2.64
Miele Professional PST10 devices versions 1.00 through 1.10
Miele Professional PST10 devices versions 1.04 through 1.14
Miele Professional PST10 devices versions 1.10 through 1.20
Miele Professional PST10 devices versions 1.14 through 1.24
Description

An issue was discovered in the embedded webserver "PST10 WebServer" of Miele Professional PST10 devices: it is vulnerable to directory traversal. The server does not confine requested paths to its document root, so an unauthenticated attacker can read files outside it and obtain sensitive information, potentially aiding subsequent attacks. The flaw is triggered by a GET request whose path contains traversal sequences, such as "GET /../../../../../../../../../../../../etc/shadow HTTP/1.1".
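The mitigation side of the description above, as an added example that is not Miele's code and does not reflect how the PST10 webserver is implemented: a path-resolution routine that refuses any request resolving outside the document root, plus a check over constructed access-log lines that flags traversal attempts like the quoted GET request. WEB_ROOT, the log format, the helper names and the sample lines are all assumptions made for this example.

```python
"""Added example (not Miele's code): confine HTTP request paths to a document
root so that '../' sequences cannot escape it, and flag traversal attempts in
access-log lines. Root, log format and sample lines are constructed."""
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Constructed document root for this example; real devices use their own layout.
WEB_ROOT = "/srv/www"


def resolve_safely(web_root: str, request_path: str) -> Optional[str]:
    """Map an HTTP request path onto a filesystem path under web_root.

    Returns the resolved path, or None when the request would leave the root.
    The order matters: decode once (as the server would), join onto the root,
    normalise '.'/'..' with posixpath.normpath, and only then check that the
    result is still inside the root. Normalising before joining would silently
    turn '/../../etc/shadow' into '/etc/shadow' under the root and hide the
    attempt instead of rejecting it.
    """
    decoded = unquote(request_path)
    # NUL bytes truncate C strings in many embedded servers; never pass them on.
    if "\x00" in decoded:
        return None
    # Only the path component is used for file lookup; drop any query string.
    path_only = decoded.split("?", 1)[0]
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, path_only.lstrip("/")))
    # Prefix check with the separator appended so '/srv/www2' is not accepted
    # for root '/srv/www'; the root itself (directory index) is allowed.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# Literal and single-/double-percent-encoded dot-dot sequences.
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|%2e%2e|%252e)", re.IGNORECASE)
# Assumed Common-Log-Format-like line: client first, request in double quotes.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP')


def find_traversal_attempts(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client, path) for requests that look like traversal attempts.

    A line is flagged if the path carries a known traversal pattern or if
    resolving it against WEB_ROOT would escape the root.
    """
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        client, path = m.group(1), m.group(2)
        if TRAVERSAL_RE.search(path) or resolve_safely(WEB_ROOT, path) is None:
            hits.append((client, path))
    return hits


# Constructed sample log lines; the second mirrors the request quoted above.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Mar/2017:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.55 - - [24/Mar/2017:10:00:07 +0000] '
    '"GET /../../../../../../../../../../../../etc/shadow HTTP/1.1" 200 1203',
    '192.0.2.55 - - [24/Mar/2017:10:00:09 +0000] '
    '"GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 980',
]

if __name__ == "__main__":
    for client, path in find_traversal_attempts(SAMPLE_LOG):
        print(f"traversal attempt from {client}: {path}")
```

Two points for an operator reviewing logs: the flagged requests here returned status 200 in the constructed sample, which is what a successful read looks like on an unpatched device, and a patched or correctly hardened server should answer such requests with a 4xx, so the combination of a traversal pattern and a 200 is the signal worth alerting on.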
Recommendations

For versions 2.02 through 2.12, update to version 2.12 or later.
For versions 2.51 through 2.61, update to version 2.61 or later.
For versions 2.52 through 2.62, update to version 2.62 or later.
For versions 2.54 through 2.64, update to version 2.64 or later.
For versions 1.00 through 1.10, update to version 1.10 or later.
For versions 1.04 through 1.14, update to version 1.14 or later.
For versions 1.10 through 1.20, update to version 1.20 or later.
For versions 1.14 through 1.24, update to version 1.24 or later.

Tags: Exploit · Fix · Path traversal


Weakness Enumeration

Related Identifiers

CVE-2017-7240

Affected Products

Pst10
Pst10 Webserver