← back
CVE-2023-25909

HGiga Inc. OAKlouds - Arbitrary File Upload

CVSS 9.8 CRITICALEPSS 0.9%CWE-434
HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
HGIGA INC. · HGiga OAKlouds

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/tw/cp-132-6973-45872-1.html