YaTFTPSvr TFTP Server Directory Traversal Vulnerability Network Vulnerability

Summary

YaTFTPSvr TFTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. A remote attacker could exploit this vulnerability using directory- traversal strings (such as '../') to upload and download arbitrary files outside of the TFTP server root directory. This could help the attacker launch further attacks. YaTFTPSvr 1.0.1.200 is vulnerable other versions may also be affected.

References

http://sites.google.com/site/zhaojieding2/
http://www.securityfocus.com/archive/1/520302
http://www.securityfocus.com/bid/50441

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Music Daemon File Disclosure
eXtropia Web Store remote file retrieval
Anaconda Double NULL Encoded Remote File Retrieval
Avaya IP Office Manager TFTP Server Directory Traversal Vulnerability
HTTP Directory Traversal (Windows)

Take action and discover your vulnerabilities