CVE-2020-37034

Name of the Vulnerable Software and Affected Versions HelloWeb version 2.0

Description The software contains an arbitrary file download issue that enables remote attackers to download system files. This is achieved by manipulating the filepath and filename parameters within crafted GET requests sent to the ''download.asp'' endpoint. Attackers can leverage directory traversal techniques to access sensitive configuration and system files.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.