CVE-2020-10631

Name of the Vulnerable Software and Affected Versions Advantech WebAccess/NMS versions prior to 3.0.2

Description An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's control. This issue allows for directory traversal, potentially leading to information disclosure and denial-of-service.

Recommendations For versions prior to 3.0.2, update to version 3.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the download.jsp endpoint until a patch is available. Avoid using specially crafted URLs that could exploit the directory traversal vulnerability.