Primary

Context

Gladinet Triofox Server Agent Path Traversal Vulnerability in WOSDefaultHttpModule.dll

Vulnerability

Patched

A path traversal vulnerability has been identified in Gladinet Triofox Server Agent versions prior to 17.1.10488.57063. The vulnerability exists in WOSDefaultHttpModule.dll when processing URL paths that start with '/woshome'. This flaw allows an attacker to traverse directories and access restricted files on the server.

Impact

Exploitation of this vulnerability allows for unauthorized access to files on the server where Triofox Server Agent is installed. This could include sensitive information, depending on the files accessed.

Reproduction

The vulnerability can be reproduced by sending a request to the Triofox Server Agent Access Service on TCP port 7878 with a URL path that includes a directory traversal sequence (such as '../../..') followed by a target file, like 'win.ini'.

Remediation

Users are advised to upgrade to Gladinet Triofox Server Agent version 17.3.10565.57509 or later.

Added: May 28, 2026, 3:22 AM

Updated: May 28, 2026, 3:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.2

exploitability

8.7

remediation

0.0

relevance

9.1

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.2

exploitability

8.7

remediation

0.0

relevance

9.1

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Gladinet Triofox Server Agent Path Traversal Vulnerability in WOSDefaultHttpModule.dll

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Gladinet Triofox Server Agent

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating