Description
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-3846-7790c-1.html
Scores
CVSS v3
7.5
EPSS
0.0160
EPSS Percentile
72.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
cellopoint/cellos
4.1.10 build20190922
Published
Aug 25, 2020
Tracked Since
Feb 18, 2026