PT-2022-11295 · Unknown · Ind780 Advanced Weighing Terminals

Published: 2022-10-31 · Updated: 2022-11-02 · CVE-2021-40661

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: IND780 Advanced Weighing Terminals versions 7.2.10 through 8.0.07

Description: A remote, unauthenticated, directory traversal issue was identified within the web interface. It allows traversing the folders of the affected host by providing a traversal path to the webpage parameter in AutoCE.ini. This could enable a remote unauthenticated adversary to access additional files on the affected system and perform further enumeration to identify system versions, potentially leading to further attacks.

Recommendations: For versions 7.2.10 through 8.0.07, consider restricting access to the webpage parameter in AutoCE.ini to minimize the risk of exploitation. As a temporary workaround, limit the ability to traverse folders through the web interface until a patch is available.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2021-40661

Affected Products: Ind780 Advanced Weighing Terminals