Personal Weather Station Dashboard Directory Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

A local file inclusion vulnerability has been identified in Personal Weather Station Dashboard version 12_lts. This vulnerability allows unauthenticated remote attackers to read arbitrary files on the server by exploiting a directory traversal flaw in the 'test' parameter of '/others/_test.php'. The issue can be demonstrated by accessing the server's private SSL key in cleartext.

Impact

Exploitation of this vulnerability allows for arbitrary file reading on the server, including exposure of private SSL keys. This could lead to man-in-the-middle attacks and impersonation of the HTTPS server.

Reproduction

To reproduce this vulnerability, send a GET request to '/others/_test.php' with the 'test' parameter set to a directory traversal payload that navigates up the directory structure to access sensitive files, such as the server's private SSL key.

Remediation

Users are advised to remove or update the '_test.php' file, implement file whitelisting in the inclusion process, and rotate any compromised TLS certificates.
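
One way to implement the file whitelisting recommended above, as an added example that is not code from Personal Weather Station Dashboard: the 'test' value is used only as a lookup key into a fixed map and never becomes part of a path. The map entries, the 'tests' directory and the function name resolve_test_include are hypothetical, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: request key => file inside the include directory.
// These names are placeholders, not files from the dashboard distribution.
const ALLOWED_TESTS = [
    'status'  => 'status_test.php',
    'sensors' => 'sensors_test.php',
];

/**
 * Map the untrusted 'test' value to a vetted absolute path, or null.
 */
function resolve_test_include(mixed $param, string $baseDir): ?string
{
    // Arrays (?test[]=x) and any key not in the allowlist are rejected.
    if (!is_string($param) || !array_key_exists($param, ALLOWED_TESTS)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // The path is built from the allowlist value, never from the request.
    $path = realpath($base . DIRECTORY_SEPARATOR . ALLOWED_TESTS[$param]);

    // Defence in depth: after symlinks are resolved, the file must still
    // sit under the include directory.
    if ($path === false || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Endpoint wiring: unknown or malformed values get a plain 404 with no
// file-system detail in the response.
$target = resolve_test_include($_GET['test'] ?? null, __DIR__ . '/tests');
if ($target === null) {
    http_response_code(404);
    exit;
}
require $target;
```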

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 6.0
remediation: 8.3
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.