Panabit PAP-XM320 Authentication Bypass Vulnerability in Embedded HTTP Server

Vulnerability

An authentication bypass vulnerability has been identified in the embedded HTTP server of Panabit PAP-XM320, affecting versions up to and including 7.7. The vulnerability arises because the server validates session cookies using a filesystem existence check based on user-controlled cookie values, without proper sanitization. This flaw allows for directory traversal and bypass of authentication.
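The flawed pattern described above, shown beside a hardened check. This is an added example, not Panabit's code and not taken from the advisory; the one-file-per-session layout, the 32-hex-digit session ID format, the file names and all function names are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: session IDs are 32 lowercase hex digits, one file per live session.
SESSION_ID_RE = re.compile(r"[0-9a-f]{32}")

def naive_is_authenticated(session_dir, cookie_value):
    """Flawed pattern: the cookie value is joined into a path and only
    existence is tested, so any existing path reachable from the cookie
    value is treated as a valid session."""
    return os.path.exists(os.path.join(session_dir, cookie_value))

def hardened_is_authenticated(session_dir, cookie_value):
    """Accept only a well-formed ID that resolves to a regular file
    located directly inside session_dir."""
    if not SESSION_ID_RE.fullmatch(cookie_value or ""):
        return False  # rejects separators, dots, empty values
    base = os.path.realpath(session_dir)
    candidate = os.path.realpath(os.path.join(base, cookie_value))
    if os.path.dirname(candidate) != base:
        return False  # resolved outside the session store (e.g. via symlink)
    return os.path.isfile(candidate)

def demo():
    """Run both checks over constructed cookie values in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        session_dir = os.path.join(root, "sessions")
        os.mkdir(session_dir)
        # Constructed file that exists outside the session store.
        open(os.path.join(root, "version.txt"), "w").close()
        valid = "0123456789abcdef0123456789abcdef"  # constructed session ID
        open(os.path.join(session_dir, valid), "w").close()
        cases = {
            "valid": valid,
            "unknown": "f" * 32,
            "traversal": "../version.txt",
            "empty": "",
        }
        return {
            name: (naive_is_authenticated(session_dir, value),
                   hardened_is_authenticated(session_dir, value))
            for name, value in cases.items()
        }

if __name__ == "__main__":
    for name, (naive, hardened) in demo().items():
        print(f"{name:10s} naive={naive!s:5s} hardened={hardened}")
```

A file-existence test is still a weak session check even when the path is constrained; binding the ID to a server-side record with an expiry and comparing against that record is the more robust design.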

Impact

Exploitation of this vulnerability allows for authentication bypass, potentially leading to unauthorized access or actions within the application.

Added: May 19, 2026, 5:23 PM
Updated: May 19, 2026, 5:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 8.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.