CVE-2019-6268

Name of the Vulnerable Software and Affected Versions RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12

Description The issue allows URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow. This can potentially lead to unauthorized access to sensitive files.

Recommendations For RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12, consider restricting access to API endpoints that accept URIs to minimize the risk of exploitation. Avoid using URIs beginning with /.. in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.