Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
A10 Networks AX Loadbalancer Path Traversal
Vulnerability Description
A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP requests containing directory traversal sequences to read arbitrary files outside the intended directory. The files returned by the vulnerable endpoint are deleted from the system after retrieval. This can lead to unauthorized disclosure of sensitive information such as SSL certificates and private keys, as well as unintended file deletion.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
A10 Networks AX Loadbalancer 安全漏洞
Vulnerability Description
A10 Networks AX Loadbalancer是美国A10 Networks公司的一款负载均衡器设备。 A10 Networks AX Loadbalancer 2.6.1-GR1-P5和2.7.0及之前版本存在安全漏洞,该漏洞源于filename参数未经验证,可能导致路径遍历和信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A