Directory Traversal and Authentication Bypass Vulnerability in MERCUSYS Mercury X18G 1.0.5 Devices

CVE-2021-23241 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.

Learn more about our Web App Pen Testing.