Ip3 · Ip3 Netaccess · CVE-2007-0883
Name of the Vulnerable Software and Affected Versions:
IP3 NetAccess versions prior to 4.1.9.6
Description:
The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `filename` parameter in the portalgroups/portalgroups/getfile.cgi endpoint.
Recommendations:
For versions prior to 4.1.9.6, update to firmware version 4.1.9.6 to resolve the issue.