Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability

Vulnerability

A directory traversal vulnerability allowing information disclosure and denial-of-service conditions has been identified in Marvell QConvergeConsole. This issue arises in the compressConfigFiles method, where user-supplied paths are not properly validated before being used in file operations. As a result, remote attackers can exploit this vulnerability to access sensitive information or disrupt service. Notably, authentication is not required for exploitation.

Impact

Exploitation of this vulnerability can lead to unauthorized information disclosure and a denial-of-service condition on the affected system.

Remediation

Marvell QConvergeConsole has reached its End of Life and End of Support status, with the last supported version released in January 2022. The vendor no longer recommends the use of this tool.

Added: Jul 31, 2025, 6:17 PM
Updated: Jul 31, 2025, 6:44 PM

Vulnerability Rating

Custom Algorithm

spread: 1.2
impact: 5.0
exploitability: 4.7
remediation: 0.0
relevance: 0.3
threat: 0.3
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.