PT-2020-10002 · Blaauw · Blaauw Remote Kiln Control

Published: 2020-05-07 · Updated: 2020-05-12 · CVE-2019-18871

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Blaauw Remote Kiln Control versions through v3.00r4

Description: A path traversal issue in debug.php, accessed via default.php, allows an authenticated attacker to upload arbitrary files. This can lead to arbitrary remote code execution.

Recommendations: For versions through v3.00r4, update to a version later than v3.00r4 to resolve the issue. As a temporary workaround, consider restricting access to debug.php and default.php to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2019-18871

Affected Products

Blaauw Remote Kiln Control