PT-2024-22451 · Byzoro Networks · Byzoro Networks Smart Multi-Service Security Gateway Intelligent Management Platform

Published

2024-04-04

Updated

2024-08-01

CVE-2024-28520

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Byzoro Networks Smart multi-service security gateway intelligent management platform version S210

Description The issue allows an attacker to obtain sensitive information via the uploadfile.php component. This is a result of a File Upload vulnerability in the Byzoro Networks Smart multi-service security gateway intelligent management platform.

Recommendations For version S210, consider restricting access to the uploadfile.php component until a fix is available. As a temporary workaround, disabling the file upload functionality may help minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-616CWE-434

Related Identifiers

CVE-2024-28520

Affected Products

Byzoro Networks Smart Multi-Service Security Gateway Intelligent Management Platform

CVE-2024-28520

Weakness Enumeration

Related Identifiers

Affected Products

References · 4