PT-2017-18700 · Netbiter · Netbiter Fgw200

Published: 2017-06-16 · Updated: 2017-07-05 · CVE-2017-9097

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Anti-Web through 3.8.7
NetBiter FGW200 devices through 3.21.2
WS100 devices through 3.30.5
EC150 devices through 1.40.0
WS200 devices through 3.30.4
EC250 devices through 1.40.0

Description

The issue allows a remote attacker to read or modify files through a path traversal technique. This can be demonstrated by reading the password file or using the template parameter to /cgi-bin/write.cgi to write to an arbitrary file.

Recommendations

For Anti-Web through 3.8.7, update to a version later than 3.8.7 to resolve the issue.
For NetBiter FGW200 devices through 3.21.2, update to a version later than 3.21.2.
For WS100 devices through 3.30.5, update to a version later than 3.30.5.
For EC150 devices through 1.40.0, update to a version later than 1.40.0.
For WS200 devices through 3.30.4, update to a version later than 3.30.4.
For EC250 devices through 1.40.0, update to a version later than 1.40.0.

As a temporary workaround, consider restricting access to the /cgi-bin/write.cgi endpoint to minimize the risk of exploitation.
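
The following Python example is added here and is not part of the advisory or of any vendor code. It reviews web access log lines for requests to /cgi-bin/write.cgi and for traversal sequences in the request path or the template parameter; the common log format, the constructed sample lines, the finding labels and the rule that a template value is never an absolute path are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

WRITE_CGI = "/cgi-bin/write.cgi"  # endpoint named in the advisory
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (common log format assumed), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2017:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jul/2017:10:00:05 +0000] "GET /cgi-bin/write.cgi?template=page.tpl HTTP/1.1" 200 64',
    '198.51.100.7 - - [01/Jul/2017:10:02:11 +0000] "GET /cgi-bin/write.cgi?template=..%2F..%2Fexample.txt HTTP/1.1" 200 64',
    '198.51.100.7 - - [01/Jul/2017:10:02:15 +0000] "GET /cgi-bin/write.cgi?template=%252e%252e%252fexample.txt HTTP/1.1" 200 64',
    '198.51.100.7 - - [01/Jul/2017:10:02:20 +0000] "GET /images/..%2f..%2fexample.conf HTTP/1.1" 200 128',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def has_traversal(value):
    """True for a '..' path segment or an absolute path (assumed never legitimate)."""
    norm = fully_decode(value).replace("\\", "/")
    return norm.startswith("/") or ".." in norm.split("/")

def classify(line):
    """Return a finding label for a suspicious request line, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path = fully_decode(parts.path).replace("\\", "/")
    if ".." in path.split("/"):
        return "traversal-in-path"
    if posixpath.normpath(path) == WRITE_CGI:
        for key, val in parse_qsl(parts.query, keep_blank_values=True):
            if key == "template" and has_traversal(val):
                return "traversal-in-template"
        return "write-cgi-access"  # review: endpoint should be restricted
    return None

def scan(lines):
    """Return (line_number, finding) pairs for lines that need review."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, 1)]
    return [(n, f) for n, f in hits if f]

if __name__ == "__main__":
    for n, finding in scan(SAMPLE_LOG):
        print(n, finding)
```

Only query-string parameters appear in access logs, so a template value sent in a request body is reported as write-cgi-access rather than traversal-in-template.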

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2017-9097

Affected Products

Netbiter Fgw200