James Carroll

**Name of the Vulnerable Software and Affected Versions** Speco Web Viewer versions through 2021-05-12 **Description** The issue allows Directory Traversal via a GET request for a URI with /.. at the beginning. This can be demonstrated by reading the /etc/passwd file. **Recommendations** For versions through 2021-05-12, consider restricting access to the GET request endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using URIs with /.. at the beginning until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AVB MOTU devices through 2020-01-22 **Description** The issue allows directory traversal, as demonstrated by reading the /etc/passwd file, via the /.. endpoint. **Recommendations** For AVB MOTU devices through 2020-01-22, consider restricting access to the /.. endpoint to minimize the risk of exploitation.