TWinSoft Configuration Upload Vulnerability in Ovarro TBox
CVE-2021-22646 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.
Learn more about our Web Application Penetration Testing UK.