// For flags

CVE-2018-7171

TwonkyMedia Server 7.0.11-8.5 - Directory Traversal

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all.

Una vulnerabilidad de salto de directorio en Twonky Server desde la versión 7.0.11 hasta la 8.5 permite que atacantes remotos compartan los contenidos de directorios arbitrarios mediante un .. (punto punto) en el parámetro contentbase en rpc/set_all.

TwonkyMedia Server version 7.0.11-8.5 suffers from a directory traversal vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-02-15 CVE Reserved
  • 2018-03-29 CVE Published
  • 2024-03-09 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Lynxtechnology
Search vendor "Lynxtechnology"
 Twonky Server
Search vendor "Lynxtechnology" for product "Twonky Server"
 >= 7.0.11 <= 8.5
Search vendor "Lynxtechnology" for product "Twonky Server" and version " >= 7.0.11 <= 8.5"
-
Affected