The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
An unauthenticated attacker can upload a file of any type to the application by exploiting the lack of validation of file extensions or content. Using the Path Traversal vulnerability (CWE-22/CWE-23), they can specify a target directory outside the intended application area. After placing a webshell in an appropriate location, the attacker gains the ability to execute system commands through HTTP requests.
An attacker can gain full control of the server by executing arbitrary code (RCE) — the confidentiality, integrity, and availability of the system are compromised. The consequences may include server takeover, data exfiltration, or lateral movement within the network.
Apply patches available from the vendor in accordance with references published by TWCERT (https://www.twcert.org.tw/en/cp-139-8247-83457-2.html). As a temporary workaround, consider restricting access to file upload functionality at the firewall or WAF level and blocking unauthenticated requests to upload endpoints.
TRCore DVC product — specific versions indicated in vendor references (TWCERT).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTrcore Dvc
APPTrcore6.0 – 6.4 (bez)
Related vulnerabilities
Path Traversal i nieograniczony upload plików w TRCore DVC — RCE
Path Traversal i nieograniczony upload plików w TRCore DVC umożliwiający RCE
TRCore DVC — Path Traversal i nieograniczony upload plików prowadzący do RCE
TRCore DVC — path traversal i unrestricted file upload umożliwiające RCE
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit t...