Linknat VOS Manager Path Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

A path traversal vulnerability has been identified in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds. It allows unauthenticated remote attackers to read arbitrary files on the server. An attacker exploits it by injecting encoded traversal sequences into the request path, which bypasses input validation and discloses sensitive files. The vulnerability is reachable through multiple localized subpaths such as '/eng/', '/chs/', or '/cht/', where 'js/lang_en_us.js' or the equivalent language file is loaded.

Impact

Exploitation of this vulnerability leads to unauthorized reading of files on the server, which could include sensitive information.

Reproduction

The vulnerability can be reproduced by sending the server a request whose path contains an encoded form of the '../' traversal sequence. This can be done through the '/eng/', '/chs/', or '/cht/' subpaths, targeting the 'js/lang_en_us.js' file or its equivalent in other languages. The server's response can then be checked for the contents of the traversed file.
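For defenders, the request pattern described above can be searched for in web access logs. The following is an added example, not part of the advisory or of any Linknat code: it flags requests under the listed subpaths whose path decodes to a '..' segment. The advisory does not say which encoding is used, so the check covers percent-encoding, double encoding and overlong UTF-8; the combined log format, the sample entries and the file names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Localized subpaths named in the advisory.
SUBPATHS = (b"/eng/", b"/chs/", b"/cht/")
# Overlong UTF-8 forms of '.', '/' and '\' that lenient decoders accept.
OVERLONG = {b"\xc0\xae": b".", b"\xc0\xaf": b"/", b"\xc1\x9c": b"\\"}
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(path, max_rounds=3):
    """Percent-decode repeatedly (double encoding), then fold overlong forms."""
    raw = path.split("?", 1)[0].encode("utf-8")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    for seq, plain in OVERLONG.items():
        raw = raw.replace(seq, plain)
    return raw.replace(b"\\", b"/")

def is_traversal_attempt(path):
    """True if the decoded path is under a listed subpath and has a '..' segment."""
    decoded = normalize(path)
    return decoded.lower().startswith(SUBPATHS) and b".." in decoded.split(b"/")

def scan(log_lines):
    """Return request paths from the log lines that look like traversal attempts."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and is_traversal_attempt(match.group(1)):
            hits.append(match.group(1))
    return hits

# Constructed sample entries (not captured traffic; file names are placeholders).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Sep/2025:19:22:00 +0000] "GET /eng/js/lang_en_us.js HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Sep/2025:19:22:03 +0000] "GET /chs/%2e%2e/%2e%2e/placeholder.txt HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Sep/2025:19:22:05 +0000] "GET /cht/%252e%252e%252fplaceholder.txt HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Sep/2025:19:22:07 +0000] "GET /eng/%c0%ae%c0%ae/placeholder.txt HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Sep/2025:19:22:09 +0000] "GET /eng/js/lang..old.js HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("possible traversal:", hit)
```

A flagged request that returned status 200 with an unusual response size deserves review first, since the advisory notes that the traversed file's contents appear in the response.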

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.2
threat: 7.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.