CVE-2021-45427: Path Traversal
First published: Thu Dec 30 2021(Updated: )
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Emerson Xweb300d Evo Firmware | =3.0.7-3ee403 | |
| Emerson Xweb300d Evo |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-45427?
CVE-2021-45427 has a severity rating of 9.8 (Critical).
What is the vulnerability in Emerson XWEB 300D EVO 3.0.7--3ee403?
The vulnerability in Emerson XWEB 300D EVO 3.0.7--3ee403 is unauthenticated arbitrary file deletion due to path traversal.
How does the vulnerability in Emerson XWEB 300D EVO 3.0.7--3ee403 occur?
The vulnerability occurs due to incorrect access control and directory traversal, allowing an attacker to browse and delete files without authentication.
Which software versions of Emerson XWEB 300D EVO are affected?
Emerson XWEB 300D EVO firmware version 3.0.7-3ee403 is affected.
Is the Emerson XWEB 300D EVO itself vulnerable to the CVE-2021-45427 vulnerability?
No, the Emerson XWEB 300D EVO itself is not vulnerable to CVE-2021-45427.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/emerson
- canonical/emerson xweb300d evo firmware
- version/emerson xweb300d evo firmware/3.0.7-3ee403
- canonical/emerson xweb300d evo