Path-Traversal Vulnerability in Revolution Pi by KUNBUS GmbH
CVE-2024-8685

4.3MEDIUM

Key Information:

Vendor: Kunbus Gmbh
Status: Revolution Pi
Vendor: CVE Published:; 10 February 2025

Summary

A path-traversal vulnerability exists in Revolution Pi version 2022-07-28-revpi-buster developed by KUNBUS GmbH. An authenticated attacker can exploit this flaw by sending crafted requests to the '/pictory/php/getFileList.php' endpoint. Manipulating the ‘dir’ parameter may allow unauthorized access to sensitive device directories, posing a significant security risk.

Affected Version(s)

Revolution Pi 2022-07-28-revpi-buster version

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/mu...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 10, 2025
Vulnerability Reserved
Sep 11, 2024

Credit

Ehab Hussein