7.5
CVE-2024-22079
- EPSS 0.68%
- Veröffentlicht 20.03.2024 05:15:45
- Zuletzt bearbeitet 16.04.2025 17:28:31
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Elspec-ltd ≫ G5dfr Firmware Version < 1.2.1.12
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.68% | 0.707 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-24 Path Traversal: '../filedir'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.