PT-2019-14855 · Platinum · Platinum Upnp Sdk

Pokerfacett

Published

2019-09-26

Updated

2019-09-26

CVE-2019-16903

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Platinum UPnP SDK version 1.2.0

Description The issue allows Directory Traversal due to incorrect checking for /.. instead of ../ in the Core/PltHttpServer.cpp file.

Recommendations For Platinum UPnP SDK version 1.2.0, consider modifying the Core/PltHttpServer.cpp file to correctly check for ../ instead of /.. to prevent Directory Traversal.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2019-16903

Affected Products

Platinum Upnp Sdk

PT-2019-14855 · Platinum · Platinum Upnp Sdk

CVE-2019-16903

Weakness Enumeration

Related Identifiers

Affected Products

References · 4