Navtor NavBox Absolute Path Traversal Vulnerability
Vulnerability
An absolute path traversal vulnerability has been identified in Navtor NavBox version 4.12.0.3. The application exposes an HTTP service that does not adequately sanitize user-supplied path inputs. Unauthenticated remote attackers can exploit this by sending requests that contain absolute filesystem paths. Successful exploitation allows retrieval of arbitrary files from the underlying filesystem, limited by the privileges of the service process, and could expose sensitive configuration files and system information.
Impact
Exploitation of this vulnerability could lead to unauthorized access to arbitrary files on the server, potentially including sensitive configuration files and system information.
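The bug class described above, shown as an added example (not Navtor's code; the advisory does not publish the affected handler). It contrasts a resolver that only filters "../" with one that refuses absolute paths and confines the result to a document root. WEB_ROOT, the function names and the sample inputs are assumptions made for illustration.

```python
import ntpath
import posixpath
from typing import Optional
from urllib.parse import unquote

WEB_ROOT = "/srv/app/public"  # hypothetical document root (assumption)


def resolve_naive(user_path: str) -> str:
    """Flawed pattern: strips '../' but never checks for an absolute path."""
    decoded = unquote(user_path).replace("../", "")
    # join() silently discards WEB_ROOT when the second argument is absolute.
    return posixpath.join(WEB_ROOT, decoded)


def is_absolute_anywhere(path: str) -> bool:
    """True for POSIX-absolute, Windows drive/UNC, or rooted-backslash paths."""
    drive, _ = ntpath.splitdrive(path)
    return bool(drive) or path.startswith(("/", "\\"))


def resolve_confined(user_path: str, root: str = WEB_ROOT) -> Optional[str]:
    """Return a path under root, or None if the request must be refused."""
    decoded = unquote(user_path)  # decode once, then validate the result
    if not decoded or "\x00" in decoded or is_absolute_anywhere(decoded):
        return None
    # Lexical normalisation; also resolve symlinks if root may contain any.
    joined = posixpath.join(root, decoded.replace("\\", "/"))
    candidate = posixpath.normpath(joined)
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


# Constructed sample inputs, not captured traffic.
SAMPLES = ["charts/index.json", "/etc/hosts", "%2Fetc%2Fhosts",
           "C:/Windows/win.ini", "\\\\host\\share\\f", "charts/../../secret"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:26} naive={resolve_naive(s)!r} "
              f"confined={resolve_confined(s)!r}")
```

The containment check runs after decoding and normalisation, so an encoded or mixed-separator absolute path is refused by the same rule as a plain one.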
