CVE-2022-47188

Name of the Vulnerable Software and Affected Versions Generex UPS CS141 versions prior to 2.06

Description The issue allows an attacker to read arbitrary files, potentially leading to sensitive information disclosure. By utilizing default credentials, an attacker can upload a backup file that contains a symlink to a sensitive path, such as /etc/shadow, thereby obtaining its content.

Recommendations For versions prior to 2.06, update to version 2.06 or later to resolve the issue. As a temporary workaround, consider changing the default credentials to prevent unauthorized access. Restrict the ability to upload backup files or limit access to sensitive paths to minimize the risk of exploitation.