Relative Path Traversal Vulnerability in Advan VD-1 Firmware (Up to Version 230) Allows Unauthorized File Downloads

Relative Path Traversal Vulnerability in Advan VD-1 Firmware (Up to Version 230) Allows Unauthorized File Downloads

CVE-2019-13408 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication.

Learn more about our Web Application Penetration Testing UK.