CVE-2021-35380

A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download (http://url:port/file?valore).
References
Link Resource
https://www.exploit-db.com/exploits/50638 Exploit Third Party Advisory VDB Entry
https://www.swascan.com/it/security-blog/ Third Party Advisory
https://www.swascan.com/solari-di-udine/ Third Party Advisory
https://www.exploit-db.com/exploits/50638 Exploit Third Party Advisory VDB Entry
https://www.swascan.com/it/security-blog/ Third Party Advisory
https://www.swascan.com/solari-di-udine/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:solari:termtalk_server:3.24.0.2:*:*:*:*:*:*:*

History

21 Nov 2024, 06:12

Type Values Removed Values Added
References () https://www.exploit-db.com/exploits/50638 - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/50638 - Exploit, Third Party Advisory, VDB Entry
References () https://www.swascan.com/it/security-blog/ - Third Party Advisory () https://www.swascan.com/it/security-blog/ - Third Party Advisory
References () https://www.swascan.com/solari-di-udine/ - Third Party Advisory () https://www.swascan.com/solari-di-udine/ - Third Party Advisory

Information

Published : 2022-02-15 22:15

Updated : 2024-11-21 06:12


NVD link : CVE-2021-35380

Mitre link : CVE-2021-35380

CVE.ORG link : CVE-2021-35380


JSON object : View

Products Affected

solari

  • termtalk_server
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')