CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Cdpenergy: >> Snmp Web Pro Firmware Security Vulnerabilities

CVE-2025-65287

An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path (/var/www/files/userScript/) using memcpy + strcat without validation or canonicalization, enabling ../ sequences to escape the intended directory. The download branch also echoes the unsanitized params into Content-Disposition, introducing header-injection risk.

CVSS Score

4.3

EPSS Score

0.0

Published

2025-12-09

Page 1

Vulnerabilities

Vulnerable Software

Cdpenergy: >> Snmp Web Pro Firmware Security Vulnerabilities

Products

Pricing

Contact Us