go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Smart eVision - Path Traversal -2

TVN ID TVN-202209007
CVE ID CVE-2022-39034
CVSS 6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products Smart eVision ver.2022.02.21
Description Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files.
Solution Update Smart eVision version to 2022.06.16
Credit Gary Tan, Zac Wang (Talent-Jump)
Public Date 2022-09-28
Top