The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
The vulnerability results from two independent weaknesses: lack of proper path validation for uploaded files (Path Traversal, CWE-22/CWE-23) and lack of restrictions on uploaded file types (CWE-434). An attacker, without needing authentication, can construct a request to upload a webshell file to any directory accessible on the server. After placing the webshell in a directory accessible by the web server, the attacker gains the ability to execute arbitrary system commands.
An attacker can gain full control of the system by executing arbitrary code (RCE) from the application server account level, which threatens the confidentiality, integrity, and availability of the entire system.
Patches available from the vendor should be applied in accordance with references published by TWCERT (https://www.twcert.org.tw/en/cp-139-8251-3455e-2.html). Until updates are applied, it is recommended to restrict access to the file upload interface at the firewall or network level and disable anonymous file submission capabilities.
TRCore's DVC product — specific versions indicated in vendor references (TWCERT)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTrcore Dvc
APPTrcore6.0 – 6.4 (bez)
Related vulnerabilities
Path Traversal i unrestricted file upload w TRCore DVC — RCE bez uwierzytelnienia
Path Traversal i nieograniczony upload plików w TRCore DVC — RCE
TRCore DVC — Path Traversal i nieograniczony upload plików prowadzący do RCE
TRCore DVC — path traversal i unrestricted file upload umożliwiające RCE
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit t...