CVE-2021-45427
Severity: CRITICAL (WAF coverage: High)
CVSS 9.8
Published: 2021-12-30
CWE-22
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by unauthenticated arbitrary file deletion due to path traversal. Because of incorrect access control and directory traversal, an attacker can browse and delete files without any authentication.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| emerson | xweb300d_evo_firmware | 3.0.7 |
References
- drive.google.com (Third Party Advisory)
- drive.google.com (Third Party Advisory)
- drive.google.com (Exploit, Third Party Advisory)