CVE-2020-17383

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
24/01/2022
Last modified:
28/01/2022

Description

A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote configuration of the device through the WebUI.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:telosalliance:z\/ip_one_firmware:*:*:*:*:*:*:*:* 4.0.0r (including)
cpe:2.3:h:telosalliance:z\/ip_one:-:*:*:*:*:*:*:*