Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
| Link | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-128-01 | third party advisory us government resource |
| https://www.zerodayinitiative.com/advisories/ZDI-20-589/ | vdb entry third party advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-20-605/ | vdb entry third party advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-20-595/ | vdb entry third party advisory |