Solarview Compact Firmware
CVE-2023-40924
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
SolarView Compact < 6.00 is vulnerable to Directory Traversal.
AnalysisAI
SolarView Compact < 6.00 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. SolarView Compact < 6.00 is vulnerable to Directory Traversal. Affected products include: Contec Solarview Compact Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Solarview Compact Firmware
View allThere is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassin
SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file. Rated critical severity
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php. Rated critical
SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.1), this vulnerability i
SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php. Rated medium severity (CVSS 6.1
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.ph
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today