Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/pudding2/NSG9000/blob/master/exp.txt |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-08-05T18:00:00
Updated: 2024-08-05T09:46:24.656Z
Reserved: 2018-08-05T00:00:00
Link: CVE-2018-14942
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-08-05T18:29:00.363
Modified: 2018-10-05T12:40:22.437
Link: CVE-2018-14942
Redhat
No data.