CVE-2017-10933
In short
The ZTE ZXDT22 SF01 monitoring system has a flaw that lets attackers read any file on the server by manipulating the file path in a web request. This is dangerous because sensitive information like passwords or configuration files can be exposed.
Technical detail
A directory traversal vulnerability in ZTE ZXDT22 SF01 versions before V2.06.00.00 permits unauthenticated remote attackers to access arbitrary files by supplying full path names in requests. The vulnerability stems from insufficient input validation on file path parameters, enabling attackers to bypass directory restrictions and read sensitive system files.
Summary generated and translated by AI from the official description.
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, a monitoring system of ZTE energy product, are impacted by a directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.
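The path validation that the technical detail describes as missing, as an added example (not ZTE's code and not part of the advisory): a request-path resolver that confines every lookup to one document root, shown beside a weak pattern in which a full path name escapes it. `DOC_ROOT`, both function names and the sample paths are assumptions made for illustration; the page does not describe the product's actual request handler.

```python
import os
from urllib.parse import unquote

# Hypothetical document root; the advisory does not name the real one.
DOC_ROOT = "/srv/monitor/www"


def resolve_naive(request_path, root=DOC_ROOT):
    """Weak pattern: treats whatever follows the host as a file name."""
    # Dropping one leading "/" turns "//etc/passwd" into "/etc/passwd",
    # and os.path.join() discards `root` when the next part is absolute.
    return os.path.join(root, unquote(request_path)[1:])


def resolve_safe(request_path, root=DOC_ROOT):
    """Return a path guaranteed to sit under `root`, or None to refuse."""
    decoded = unquote(request_path)
    # NUL bytes and backslashes have no place in a served file name.
    if "\x00" in decoded or "\\" in decoded:
        return None
    # Remove every leading "/" so the remainder can never be absolute.
    relative = decoded.lstrip("/")
    # Refuse drive-letter forms ("C:/...") in case the host is Windows
    # (an assumption; the page does not state the platform).
    if ":" in relative.split("/", 1)[0]:
        return None
    real_root = os.path.realpath(root)
    # realpath() collapses ".." and follows symlinks before the check,
    # so the comparison is made on the file that would really be opened.
    candidate = os.path.realpath(os.path.join(real_root, relative))
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample request paths, not taken from the advisory.
    for path in ("/status/index.html", "//etc/passwd",
                 "/%2e%2e/%2e%2e/etc/passwd", "/C:/Windows/win.ini"):
        print(f"{path!r}: naive={resolve_naive(path)!r} "
              f"safe={resolve_safe(path)!r}")
```

A `None` result should become a 404 or 403 response, and the refused request path is worth logging for detection.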
Affected products
ZTE · ZXDT22 SF01