TWinSoft Configuration Upload Vulnerability in Ovarro TBox

TWinSoft Configuration Upload Vulnerability in Ovarro TBox

CVE-2021-22646 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.

Learn more about our Web Application Penetration Testing UK.