Filtered by vendor Cdpenergy
Subscriptions
Filtered by product Snmp Web Pro Firmware
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65287 | 2 Cdpenergy, Voltronicpower | 3 Snmp Web Pro, Snmp Web Pro Firmware, Snmp Web Pro | 2025-12-12 | 4.3 Medium |
| An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path (/var/www/files/userScript/) using memcpy + strcat without validation or canonicalization, enabling ../ sequences to escape the intended directory. The download branch also echoes the unsanitized params into Content-Disposition, introducing header-injection risk. | ||||
Page 1 of 1.