Path Traversal Vulnerability in Huijietong Cloud Video Platform
CVE-2024-13991

8.7HIGH

Key Information:

Vendor: Huijietong
Status: Cloud Video Platform
Vendor: CVE Published:; 15 October 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-13991?

The Huijietong Cloud Video Platform is vulnerable to a path traversal attack, enabling unauthenticated users to manipulate the fullPath parameter of the /fileDownload?action=downloadBackupFile endpoint. This exploitation can lead to unauthorized access to sensitive files on the server. The vulnerability has been notably targeted by the Rondo botnet, highlighting the urgency for immediate remediation and protection against data breaches.

Affected Version(s)

Cloud Video Platform *

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-13991 - Proof of Concept

References

https://cn-sec.com/archives/2941393.html

technical-descriptionexploit

https://www.vulncheck.com/advisories/huijietong-cloud-vid...

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 15, 2025
👾
Exploit known to exist
Oct 15, 2025
Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Oct 14, 2025

Credit

CN-SEC

JSON