EIP-2026-102005

This advisory details a directory traversal vulnerability in Sitecom Home Storage Center devices (MD-253 and MD-254) running firmware up to version 2.4.17. The vulnerability allows unauthenticated attackers to read arbitrary files, including those containing administrative credentials, via a crafted URL targeting the `info.cgi` script.