Description
There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory.
References (2)
Core 2
Core References
Not Applicable
https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141
Release Notes release-notes
https://www.generex.de/support/changelogs/cs141/page:2
Scores
CVSS v3
7.5
EPSS
0.0012
EPSS Percentile
30.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-434
Status
published
Products (1)
generex/cs141_firmware
< 2.06
Published
Sep 28, 2023
Tracked Since
Feb 18, 2026