The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
The lack of authentication required for file uploads combined with the absence of file extension or type validation allows an attacker to upload any file (e.g., webshell). The path traversal vulnerability enables placing this file outside the default upload directory — including locations accessible by the web server. After uploading the file, the attacker can invoke it through a browser or HTTP request, thereby achieving code execution on the server side.
An unauthenticated attacker can gain full control over the server by executing arbitrary code (RCE), as well as read, modify, or delete data on the server.
Apply patches available from the vendor according to references published by TWCERT (https://www.twcert.org.tw/en/cp-139-8249-65252-2.html). Until updates are applied, it is recommended to restrict network access to the application and block unauthorized traffic at the firewall level.
TRCore DVC product — specific versions indicated in vendor references (TWCERT).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTrcore Dvc
APPTrcore6.0 – 6.4 (bez)
Related vulnerabilities
Path Traversal i unrestricted file upload w TRCore DVC — RCE bez uwierzytelnienia
Path Traversal i nieograniczony upload plików w TRCore DVC umożliwiający RCE
TRCore DVC — Path Traversal i nieograniczony upload plików prowadzący do RCE
TRCore DVC — path traversal i unrestricted file upload umożliwiające RCE
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit t...