PT-2022-4840 · Dataprobe · Dataprobe Iboot Pdu

Claroty Research · Published 2022-09-20 · Updated 2022-12-28 · CVE-2022-3184

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022

Description

The issue is related to the device's existing firmware, which allows unauthenticated users to access an old PHP page vulnerable to directory traversal. This may enable a user to write a file to the webroot directory. The vulnerability is associated with incorrect restriction of the path name to a directory with limited access, which can be exploited by a remote attacker.

Recommendations

For versions prior to 1.42.06162022, update the firmware to version 1.42.06162022 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable PHP page until a patch is available. Avoid using the vulnerable directory traversal functionality in the webroot directory until the issue is resolved.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2022-05900
CVE-2022-3184

Affected Products

Dataprobe Iboot Pdu