CVE-2021-23241
07.01.2021, 21:15
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
Vendor | Product | Version |
---|---|---|
mercusys | mercury_x18g_firmware | 1.0.5 |
𝑥
= Vulnerable software versions
References