PT-2022-21894 · Robustel · Robustel R1510

Francesco Benvenuto

Published

2022-10-25

Updated

2022-10-26

CVE-2022-33897

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Robustel R1510 version 3.1.16

Description A directory traversal issue exists in the web server /ajax/remove/ functionality. This allows an attacker to send a specially-crafted network request, potentially leading to arbitrary file deletion by triggering the vulnerability with a sequence of requests.

Recommendations For version 3.1.16, consider restricting access to the /ajax/remove/ functionality until a fix is available. As a temporary workaround, avoid using the web server /ajax/remove/ functionality to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2022-33897

Affected Products

Robustel R1510

PT-2022-21894 · Robustel · Robustel R1510

CVE-2022-33897

Weakness Enumeration

Related Identifiers

Affected Products

References · 3