Pierguido Iezzi

**Name of the Vulnerable Software and Affected Versions** Solari di Udine TermTalk Server (TTServer) version 3.24.0.2 **Description** A Directory Traversal issue exists, allowing an unauthenticated malicious user to gain access to files on the remote system by accessing the relative path of the desired file. This can be achieved through the `http://url:port/file?valore` endpoint, where the `valore` parameter is used to specify the file. **Recommendations** For version 3.24.0.2, consider restricting access to the `http://url:port/file?valore` endpoint until a patch is available. As a temporary workaround, avoid using the `valore` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.