CVE-2021-33725

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V1.0 SP2 Update 1

Description: A vulnerability has been identified that allows the deletion of arbitrary files or directories under a user-controlled path. The affected system does not correctly check if the relative path is still within the intended target directory.

Recommendations: For versions prior to V1.0 SP2 Update 1, update to V1.0 SP2 Update 1 or later to resolve the issue. As a temporary workaround, consider restricting access to file deletion functionality to minimize the risk of exploitation.