Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful exploitation allows the attacker to retrieve arbitrary files from the underlying filesystem, limited only by the privileges of the service process. This can lead to the exposure of sensitive configuration files and system information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
绝对路径遍历
Vulnerability Title
Navtor NavBox 安全漏洞
Vulnerability Description
Navtor NavBox是挪威Navtor公司的一款用于船舶电子海图管理和航行数据同步的航运信息系统设备。 Navtor NavBox存在安全漏洞,该漏洞源于HTTP服务未正确清理用户提供的路径输入,可能导致未经身份验证的远程攻击者检索底层文件系统中的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A