CVE-2019-25610

Name of the Vulnerable Software and Affected Versions NetNumber Titan Master version 7.9.1

Description An issue in the 'drp' endpoint allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter using base64-encoded payloads containing ../ sequences to bypass authorization and retrieve sensitive system files, such as /etc/shadow.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.