Mobilenetworksecurity

**Name of the Vulnerable Software and Affected Versions** NetNumber Titan Master version 7.9.1 **Description** An issue in the 'drp' endpoint allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the `path` parameter using base64-encoded payloads containing ../ sequences to bypass authorization and retrieve sensitive system files, such as /etc/shadow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.