NetAlertX Unauthenticated Arbitrary File Read Vulnerability

Vulnerability

An unauthenticated arbitrary file read vulnerability has been identified in NetAlertX versions starting with 24.7.18 and prior to 24.10.12. The issue is in the logs.php component, where an HTTP client can bypass authentication and exploit a directory traversal flaw to read sensitive files, such as the passwd file.

Impact

Exploitation of this vulnerability allows for unauthorized access to arbitrary files on the server, potentially leading to the disclosure of sensitive information.

Reproduction

The vulnerability can be reproduced by sending a POST request to the 'php/components/logs.php' endpoint. The request must include a payload that specifies the desired file to read via a path traversal technique, such as '../../../../../etc/passwd'.
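
For detection, the request shape described above can be matched in reverse-proxy or WAF logs that record request bodies. The following is an added example, not part of the advisory or of NetAlertX; it assumes JSON-lines logs with `client`, `method`, `path` and `body` fields, and `PARAM` is a placeholder because the advisory does not name the request field.

```python
import json
import re
from urllib.parse import unquote_plus, urlsplit

ENDPOINT = "php/components/logs.php"  # endpoint named in the advisory
TRAVERSAL = re.compile(r"\.\.[/\\]")  # "../" or "..\" once decoding is done

def fully_decode(value, max_rounds=3):
    """Undo nested URL-encoding, e.g. %252e -> %2e -> '.'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(record):
    """True for a POST to the logs.php endpoint whose body holds a traversal sequence."""
    if not isinstance(record, dict) or str(record.get("method", "")).upper() != "POST":
        return False
    path = urlsplit(str(record.get("path", ""))).path.lower()
    if not path.endswith(ENDPOINT):
        return False
    return bool(TRAVERSAL.search(fully_decode(str(record.get("body") or ""))))

def scan(lines):
    """Return (client, decoded body) per flagged JSON log line; skip unparseable lines."""
    hits = []
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        if is_suspicious(record):
            hits.append((record.get("client"), fully_decode(str(record["body"]))))
    return hits

# Constructed sample records (hypothetical log format; PARAM is a placeholder field name).
SAMPLE_LOG = [
    '{"client": "192.0.2.10", "method": "POST", "path": "/php/components/logs.php", "body": "PARAM=app.log"}',
    '{"client": "192.0.2.11", "method": "POST", "path": "/php/components/logs.php", "body": "PARAM=../../../../../etc/passwd"}',
    '{"client": "192.0.2.12", "method": "POST", "path": "/php/components/logs.php", "body": "PARAM=%252e%252e%252fetc%252fpasswd"}',
    '{"client": "192.0.2.13", "method": "GET", "path": "/php/components/logs.php", "body": ""}',
    '{"client": "192.0.2.14", "method": "POST", "path": "/index.php", "body": "q=../notes"}',
    'not a json line',
]

if __name__ == "__main__":
    for client, body in scan(SAMPLE_LOG):
        print(f"ALERT {client}: {body}")
```

Because the flaw is reachable without authentication, hits should be reviewed regardless of whether the request carried a session.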

Remediation

Users can upgrade to NetAlertX version 24.10.12 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.3
exploitability: 8.7
remediation: 7.7
relevance: 0.0
threat: 8.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.