Q-Free MaxTime Unrestricted File Upload Vulnerability Allowing Arbitrary File Overwrite
Vulnerability
A vulnerability allowing unrestricted upload of files with dangerous types has been identified in Q-Free MaxTime versions through 2.11.0. This issue allows authenticated remote attackers to upload malicious files via crafted HTTP requests. The vulnerability could be exploited to overwrite arbitrary files, potentially leading to system compromise or denial-of-service conditions.
Impact
Exploitation of this vulnerability could allow authenticated remote attackers to overwrite arbitrary files, potentially resulting in system compromise or a denial-of-service condition.
Remediation
The vendor has not communicated an official solution. Until a patch is released, it is recommended to restrict and monitor network access to the management web application exposed by devices running Q-Free MaxTime through 2.11.0.
