PT-2021-7734 · Spacelynk+1 · Spacelynk+1

Published

2021-05-11

Updated

2021-06-04

CVE-2021-22736

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions homeLYnk (Wiser For KNX) versions prior to V2.60 spaceLYnk versions prior to V2.60

Description The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability. This could cause a denial of service when an unauthorized file is uploaded. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For homeLYnk (Wiser For KNX) versions prior to V2.60, update to a version V2.60 or later. For spaceLYnk versions prior to V2.60, update to a version V2.60 or later. As a temporary workaround, consider restricting file uploads to authorized files only until a patch is available.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2023-02125

CVE-2021-22736

Affected Products

Homelynk

Spacelynk

PT-2021-7734 · Spacelynk+1 · Spacelynk+1

CVE-2021-22736

Weakness Enumeration

Related Identifiers

Affected Products

References · 6