PT-2021-13750 · Unknown · Midge Firmware

Derrie Sutton

Published

2021-02-16

Updated

2022-07-12

CVE-2021-20072

CVSS v2.0

8.7

High

Vector

AV:N/AC:L/Au:S/C:C/I:P/A:C

Name of the Vulnerable Software and Affected Versions: MIDGE Firmware version 4.4.40.105

Description: The issue allows attackers to access and delete files arbitrarily via an authenticated directory traversal.

Recommendations: For MIDGE Firmware version 4.4.40.105, consider restricting access to sensitive directories and files as a temporary workaround until a patch is available.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-20072

Affected Products

Midge Firmware

PT-2021-13750 · Unknown · Midge Firmware

CVE-2021-20072

Weakness Enumeration

Related Identifiers

Affected Products

References · 4