Directory Traversal Vulnerability in Blynk-Server Allows Unauthorized File Access

CVE-2018-17785 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file.
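
The containment check a static-file handler needs against this class of bug, shown as an added Python example. It is not Blynk's code or its fix; `STATIC_ROOT`, `resolve_static`, `escaping_requests` and the sample URIs are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

STATIC_PREFIX = "/static/"       # URI prefix named in the advisory
STATIC_ROOT = "/srv/app/static"  # assumed document root (hypothetical)


def resolve_static(uri, root=STATIC_ROOT):
    """Return the file path under root for a /static URI, or None if refused."""
    path = urlsplit(uri).path
    # Decode until stable so %2e%2e%2f and double-encoded forms become ../
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None  # still changing after three rounds: refuse
    path = path.replace("\\", "/")
    if "\x00" in path or not path.startswith(STATIC_PREFIX):
        return None
    relative = path[len(STATIC_PREFIX):]
    # Collapse ./ and ../ first, then check the result is still inside root.
    # Real handlers should also resolve symlinks (os.path.realpath) here.
    candidate = posixpath.normpath(posixpath.join(root, relative))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def escaping_requests(uris):
    """Detection view: /static URIs that the containment check refuses."""
    return [u for u in uris
            if unquote(u).startswith(STATIC_PREFIX) and resolve_static(u) is None]


# Constructed sample requests, not taken from real traffic.
SAMPLE_URIS = [
    "/static/js/app.js",
    "/static/js/../css/site.css",
    "/static/../../../etc/passwd",
    "/static/js/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "/api/status",
]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(uri, "->", resolve_static(uri))
```

The same `escaping_requests` filter can be run over the request paths in access logs to find past traversal attempts against the `/static` prefix.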