CVE-2017-20184

HIGH

Carlo Gavazzi Powersoft <2.1.1.1 - Path Traversal

Title source: llm

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device.

Exploits (1)

exploitdb WORKING POC

by James Fitts · rubywebappswindows

https://www.exploit-db.com/exploits/42705

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42705

Scores

CVSS v3 7.5

EPSS 0.0032

EPSS Percentile 54.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

gavazzionline/powersoft < 2.1.1.1

Published May 04, 2023

Tracked Since Feb 18, 2026