PT-2022-4942 · Unknown · Smart Evision

Gary Tan +1 · Published 2022-09-28 · Updated 2022-09-28 · CVE-2022-39033

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Smart eVision (affected versions not specified)

Description

The issue is related to a path traversal vulnerability in Smart eVision's file acquisition function. This vulnerability is caused by insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access restricted paths, allowing them to download and delete arbitrary system files, which can disrupt service. The vulnerability can also be exploited to read, modify, or delete data.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2022-06132
CVE-2022-39033

Affected Products

Smart Evision