CVE-2021-35380

HIGH NUCLEI

Solari di Udine TTServer 3.24.0.2 - Path Traversal

Title source: llm

Description

A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download (http://url:port/file?valore).

Exploits (1)

exploitdb WORKING POC

by Fabiano Golluscio · textremotewindows

https://www.exploit-db.com/exploits/50638

View Code ZIP pw:eip

Nuclei Templates (1)

TermTalk Server 3.24.0.2 - Local File Inclusion

HIGHby fxploit

References (3)

[Third Party Advisory] https://www.swascan.com/it/security-blog/

[Third Party Advisory] https://www.swascan.com/solari-di-udine/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/50638

Scores

CVSS v3 7.5

EPSS 0.4946

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

solari/termtalk_server 3.24.0.2

Published Feb 15, 2022

Tracked Since Feb 18, 2026