Unknown · Huijietong Cloud Video Platform · CVE-2024-13991
**Name of the Vulnerable Software and Affected Versions**
Huijietong Cloud Video Platform (affected versions not specified)
**Description**
The platform contains a path traversal issue that allows unauthenticated attackers to retrieve files from the server filesystem. This is achieved by manipulating the `fullPath` parameter within the `/fileDownload?action=downloadBackupFile` API endpoint. The Rondo botnet has been observed targeting this issue.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
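With no fixed version known, requests to the endpoint named in the description can be picked out of web access logs. The following is an added example, not code from the vendor or from the original advisory. It assumes common/combined log format and that `fullPath`, when sent in the query string, appears in the logged request line; the verdict names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote
# Endpoint, action and parameter names are taken from the advisory text.
ENDPOINT, ACTION, PARAM = "/fileDownload", "downloadBackupFile", "fullPath"

# Assumption: common/combined log format with a quoted request line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:00:00:01 +0000] "GET /fileDownload?action=downloadBackupFile&fullPath=backups%2F..%2F..%2Fexample.conf HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2025:00:00:02 +0000] "POST /fileDownload?action=downloadBackupFile HTTP/1.1" 200 734',
    '198.51.100.7 - - [01/Jan/2025:00:00:03 +0000] "GET /fileDownload?action=downloadBackupFile&fullPath=%252e%252e%252fexample.conf HTTP/1.1" 404 0',
    '198.51.100.8 - - [01/Jan/2025:00:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.9 - - [01/Jan/2025:00:00:05 +0000] "GET /fileDownload?action=downloadBackupFile&fullPath=backup_2025.zip HTTP/1.1" 200 9000',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding a bounded number of times."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(line):
    """Return None for unrelated lines, else a dict describing the request."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    query = parse_qs(url.query, keep_blank_values=True)
    if not url.path.rstrip("/").endswith(ENDPOINT) or ACTION not in query.get("action", []):
        return None
    paths = [fully_decode(p).replace("\\", "/") for p in query.get(PARAM, [])]
    if any(".." in p.split("/") for p in paths):
        verdict = "traversal"     # dot-dot segment after decoding
    elif paths:
        verdict = "review"        # fullPath logged, no dot-dot segment
    else:
        verdict = "endpoint-hit"  # parameter not in the logged URL (e.g. request body)
    return {"ip": m["ip"], "status": int(m["status"]), "verdict": verdict, "paths": paths}

def scan(lines):
    """Classify every line and keep only requests to the affected endpoint."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Because the endpoint is reachable without authentication, every hit is worth reviewing, not only those tagged `traversal`.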