vendor:
Dixell XWEB-500
by:
Roberto Palamaro
N/A
CVSS
MEDIUM
Arbitrary File Write
22
CWE
Product Name: Dixell XWEB-500
Affected Version From: XWEB-500
Affected Version To: XWEB-500
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Dixell XWEB-500
2022
Dixell XWEB-500 – Arbitrary File Write
Dixell XWEB-500 is affected by multiple Arbitrary File Write Vulnerability. The exploit allows an attacker to write arbitrary files on the target system using various endpoints such as logo_extra_upload.cgi, lo_utils.cgi, and cal_save.cgi. The attacker can specify the filename and content of the file to be written.
Mitigation:
Apply the latest patch or update from the vendor. Restrict access to the affected endpoints from untrusted networks. Regularly monitor and review file upload functionality for any suspicious activity.