A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NFreshtomato
OSFreshtomato2022.5Siretta Quartz Gold
HWSirettawszystkie wersjeSiretta Quartz Gold Firmware
OSSirettag5.0.1.5-210720-141020
Related vulnerabilities
An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A ...
An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A...
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Si...
An OS command injection vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G...
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Si...