Digiever DS-2105 Pro Arbitrary File Read Vulnerability
Vulnerability
An arbitrary file read vulnerability has been identified in the Digiever DS-2105 Pro, version 3.1.0.71-11. The issue is in the access_device.cgi script, which is part of the device's CGI gateway. The vulnerability is present on devices that are no longer supported by the manufacturer.
Impact
Exploitation of this vulnerability allows authenticated users to read arbitrary files on the device.
Reproduction
To reproduce this vulnerability, an authenticated user must send a request to the access_device.cgi script via the CGI gateway. The request must include a crafted fileName parameter that specifies the path of the file to be read. Exploitation can be detected by TXOne networking products.
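Because the flaw is reached through the fileName parameter of access_device.cgi, access logs from a proxy in front of the device can be screened for it. The following is an added example, not TXOne's detection logic and not code from this advisory; the log format, the GATEWAY_PLACEHOLDER path and the rule that a legitimate fileName is a bare file name are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines, not captured traffic. GATEWAY_PLACEHOLDER
# stands in for the CGI gateway path, which the advisory does not give.
SAMPLE_LOG = [
    '10.0.0.5 - op [01/Jan/2025:10:00:00 +0000] "GET /GATEWAY_PLACEHOLDER/access_device.cgi?fileName=snapshot_001.jpg HTTP/1.1" 200 512',
    '10.0.0.9 - op [01/Jan/2025:10:01:00 +0000] "GET /GATEWAY_PLACEHOLDER/access_device.cgi?fileName=/etc/hostname HTTP/1.1" 200 14',
    '10.0.0.9 - op [01/Jan/2025:10:01:05 +0000] "GET /GATEWAY_PLACEHOLDER/access_device.cgi?fileName=..%2F..%2Fetc%2Fhosts HTTP/1.1" 200 220',
    '10.0.0.9 - op [01/Jan/2025:10:01:09 +0000] "GET /GATEWAY_PLACEHOLDER/access_device.cgi?fileName=%252e%252e%252fconf%252fusers HTTP/1.1" 200 90',
    '10.0.0.7 - op [01/Jan/2025:10:02:00 +0000] "GET /GATEWAY_PLACEHOLDER/other.cgi?fileName=/etc/hostname HTTP/1.1" 404 0',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_filename(value):
    """Return a reason if value looks like a path, or None for a bare file name."""
    # Decode until stable so double-encoded separators (%252f) are not missed.
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    if "\x00" in value:
        return "null byte"
    if value.startswith(("/", "\\")):
        return "absolute path"
    if ".." in re.split(r"[\\/]", value):
        return "parent-directory traversal"
    if "/" in value or "\\" in value:
        return "path separator"
    return None


def scan(lines):
    """Return (line number, reason, decoded value) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match or "access_device.cgi" not in unquote(match["target"]):
            continue  # not a request to the affected script
        query = parse_qs(urlsplit(match["target"]).query, keep_blank_values=True)
        for key, values in query.items():
            if key.lower() != "filename":
                continue
            for value in values:
                reason = suspicious_filename(value)
                if reason:
                    hits.append((number, reason, value))
    return hits
```

Parameters sent in a request body do not appear in access logs, so this screening only covers values passed in the query string; body inspection needs a proxy or IDS that sees the full request.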
