PT-2021-13736 · Sma100+5 · Sma100+5
Published
2021-12-08
·
Updated
2021-12-10
·
CVE-2021-20040
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
SMA 200
SMA 210
SMA 400
SMA 410
SMA 500v
Description:
A relative path traversal vulnerability in the SMA100 upload function allows a remote unauthenticated attacker to upload crafted web pages or files as a
nobody user.Recommendations:
For SMA 200, update to a version that fixes the relative path traversal vulnerability in the SMA100 upload function.
For SMA 210, update to a version that fixes the relative path traversal vulnerability in the SMA100 upload function.
For SMA 400, update to a version that fixes the relative path traversal vulnerability in the SMA100 upload function.
For SMA 410, update to a version that fixes the relative path traversal vulnerability in the SMA100 upload function.
For SMA 500v, update to a version that fixes the relative path traversal vulnerability in the SMA100 upload function.
As a temporary workaround, consider restricting access to the SMA100 upload function until a patch is available.
Fix
Relative Path Traversal
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sma 200
Sma 210
Sma 400
Sma 410
Sma 500V
Sma100