CVE-2023-48246

Name of the Vulnerable Software and Affected Versions NEXO-OS (affected versions not specified)

Description The issue allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. This is due to incorrect restriction of the path name to a directory with limited access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.