CVE-2019-6268

moderate-risk
Published 2024-03-08

RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow.

Do I need to act?

-
0.51% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

References (4)

https://packetstormsecurity.com/files/177440/RAD-SecFlow-2-Path-Traversal.html
https://www.owasp.org/index.php/Path_Traversal
https://packetstormsecurity.com/files/177440/RAD-SecFlow-2-Path-Traversal.html
https://www.owasp.org/index.php/Path_Traversal
33
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal