Path Traversal Vulnerability in SMA100 Allows Remote Attackers to Delete Files and Trigger Factory Reset

Path Traversal Vulnerability in SMA100 Allows Remote Attackers to Delete Files and Trigger Factory Reset

CVE-2021-20034 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

Learn more about our Web Application Penetration Testing UK.