Title: ACTi Web Configurator cgi-bin Traversal Arbitrary File Access
Apr 26, 2012
Mar 08, 2012
ACTi Web Configurator contains a flaw related to the cgi-bin directory, that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to read arbitrary files.
Remote / Network Access
Loss of Confidentiality
Upgrade to latest firmware release as of 201204-26 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.