漏洞描述
【漏洞对象】WirelessHART Fieldgate SWG70 【涉及版本】WirelessHART Fieldgate SWG70 3.0 【漏洞描述】WirelessHART FieldgateSWG70无线网关的/fcgi-bin/wgsetcgi文件由于没有对用户的输入引入安全措施,使得攻击者可以往参数filename输入多个../,实现目录跳转,读取系统中的任意文件。
Wireless HART Fieldgate SWG70 wgestcgi filename参数-目录遍历
PoC代码
暂无相关漏洞推荐
- (CVE-2025-8765)Datacom DM955 5GT 1200 825.8010.00设备Wireless Basic Settings组件SSID参数跨站脚本漏洞
- POC CVE-2015-0554: ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
- POC CVE-2018-16059: WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion
- POC CVE-2020-35338: Wireless Multiplex Terminal Playout Server <=20.2.8 - Default Credential Detection
- POC CVE-2021-28937: Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure
- POC CVE-2023-25717: Ruckus Wireless Admin - Remote Code Execution
- POC CVE-2023-25717: Ruckus Wireless Admin - Remote Code Execution
- POC 3Com-wireless-default-login: 3Com Wireless 8760 Dual Radio - Default Login
- POC ruckus-wireless-default-login: Ruckus Wireless - Default Login
- POC tplink-wR940n-default-login: TP-Link Wireless N Router WR940N - Default-Login
- POC apache-filename-enum: Apache Filename Enumeration
- POC dlink-n300-backup: DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure
- LTE Wireless Router 存在弱口令漏洞