PT-2025-50080 · Unknown · Snmp Web Pro
Published: 2025-12-09 · Updated: 2025-12-22 · CVE-2025-65287
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SNMP Web Pro version 1.1
Description
An unauthenticated directory traversal issue exists in the cgi-bin/upload.cgi component. The component concatenates user-supplied parameters directly onto a base path (/var/www/files/userScript/) using memcpy and strcat without proper validation or sanitization. This allows attackers to use "../" sequences to access files outside the intended directory. Additionally, the download functionality echoes unsanitized parameters into the Content-Disposition header, potentially leading to header injection.
Recommendations
Apply updates to address the issue in SNMP Web Pro version 1.1.
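For code that handles a file-name parameter the way the description reports, the following added example (not the vendor's code or its fix) validates the name before it is joined to the base path or echoed into the Content-Disposition header. The function names are hypothetical, and it assumes each script is a single file directly inside the base directory.

```c
#include <stdio.h>
#include <string.h>

#define BASE_DIR "/var/www/files/userScript/" /* base path named in the description */

/* Returns 1 if name is one plain file name: non-empty, not "." or "..", and
 * free of path separators, double quotes and control bytes (CR/LF included). */
int is_plain_filename(const char *name)
{
    size_t n = strlen(name);
    if (n == 0 || n > 255 || !strcmp(name, ".") || !strcmp(name, "..")) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c < 0x20 || c == 0x7f || c == '/' || c == '\\' || c == '"') return 0;
    }
    return 1;
}

/* Validate, then join with a bounded write. 0 on success, -1 if rejected. */
int build_script_path(const char *name, char *out, size_t outlen)
{
    if (!is_plain_filename(name)) return -1;
    int w = snprintf(out, outlen, "%s%s", BASE_DIR, name);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

/* Same validation before the name reaches a response header line. */
int build_disposition(const char *name, char *out, size_t outlen)
{
    if (!is_plain_filename(name)) return -1;
    int w = snprintf(out, outlen,
                     "Content-Disposition: attachment; filename=\"%s\"\r\n", name);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample parameters, not taken from the advisory. */
    const char *samples[] = { "backup.sh", "../../other.conf", "a.sh\r\nX-Extra: 1" };
    char buf[256];
    for (size_t i = 0; i < 3; i++)
        printf("%s\n", build_script_path(samples[i], buf, sizeof buf) ? "rejected" : buf);
    return 0;
}
```

If subdirectories must be supported, a lexical check like this is not enough; resolve the joined path (for example with realpath) and confirm the result still starts with the base directory.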
Exploit
Fix
Path traversal
Affected Products
Snmp Web Pro