CVE-2021-4463
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Shenzhen Longjing Technology Co. Ltd. | BEMS API | 0 <= 1.21 | affected |
Weaknesses
- CWE-552: CWE-552 Files or Directories Accessible to External Parties
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5657.php
- https://www.exploit-db.com/exploits/50163
- https://packetstormsecurity.com/files/163702
- https://cxsecurity.com/issue/WLB-2021070173
- https://exchange.xforce.ibmcloud.com/vulnerabilities/206477
- https://web.archive.org/web/20220527162453/http://www.ljkj2012.com/
- https://www.vulncheck.com/advisories/longjing-technology-bems-api-remote-arbitrary-file-download
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.