CVE-2017-20184

HIGH

Carlo Gavazzi Powersoft <2.1.1.1 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20184. PoCs published by James Fitts.

AI-analyzed exploit summary: This Metasploit module exploits a directory traversal vulnerability in Carlo Gavazzi Powersoft <= 2.1.1.1 by sending a crafted GET request with traversal sequences to retrieve arbitrary files from the server. It authenticates using basic credentials and stores the retrieved file as loot.

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device.

Exploits (1)

exploitdb WORKING POC
by James Fitts · ruby · webapps · windows
https://www.exploit-db.com/exploits/42705

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Carlo Gavazzi Powersoft <= 2.1.1.1
Auth required
Prerequisites: Valid credentials for authentication · Network access to the target server
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/42705

Scores

CVSS v3 7.5
EPSS 0.0276
EPSS Percentile 84.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (1)
gavazzionline/powersoft < 2.1.1.1
Published May 04, 2023
Tracked Since Feb 18, 2026