CVE-2021-35380

A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download (http://url:port/file?valore).
References
Link Resource
https://www.exploit-db.com/exploits/50638 Exploit Third Party Advisory VDB Entry
https://www.swascan.com/it/security-blog/ Third Party Advisory
https://www.swascan.com/solari-di-udine/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:solari:termtalk_server:3.24.0.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-02-15 22:15

Updated : 2024-02-28 19:09


NVD link : CVE-2021-35380

Mitre link : CVE-2021-35380

CVE.ORG link : CVE-2021-35380


JSON object : View

Products Affected

solari

  • termtalk_server
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')