CVE-2019-7387

Name of the Vulnerable Software and Affected Versions Systrome Cumilon devices versions 1.1-R2.1 TRUNK-20180914.bin

Description A local file inclusion issue exists in the web interface. The export function, accessible from system/maintenance/export.php, allows path traversal via the name parameter, as it accepts user-provided paths.

Recommendations For version 1.1-R2.1 TRUNK-20180914.bin, as a temporary workaround, consider restricting access to the export.php file in the system/maintenance directory until a patch is available. Avoid using the name parameter in the affected API endpoint until the issue is resolved.