CVE-2021-32532
QSAN XEVO - Path Traversal
In short
A security flaw in QSAN XEVO allows attackers to download any file from the system without permission by manipulating file paths. This puts sensitive data at risk of unauthorized access.
Technical detail
A path traversal vulnerability in the back-end analysis function enables remote, unauthenticated attackers to bypass access controls and retrieve arbitrary files from the server. The vulnerability is exploitable through crafted path manipulation inputs and was resolved in QSAN XEVO v2.1.0.
Summary generated and translated by AI from the official description.
Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
QSAN · XEVOWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →