The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
The vulnerability results from two related weaknesses: lack of proper path validation (path traversal, CWE-22/CWE-23) and lack of restrictions on uploaded file types (CWE-434). An attacker can send an HTTP request containing a crafted path that bypasses directory protection mechanisms and places a file anywhere in the server's file system. Uploading an executable file (e.g., a PHP/ASP webshell) to a directory accessible by the web server enables subsequent remote execution of system commands.
An unauthenticated attacker can gain full control over the server by executing arbitrary code (RCE), which threatens the confidentiality, integrity, and availability of the system.
Patches available from the vendor should be applied in accordance with references published by TWCERT (https://www.twcert.org.tw/en/cp-139-8253-bc363-2.html). Until updates are applied, it is recommended to restrict access to the application at the firewall level and disable file upload functionality if possible.
TRCore's DVC product — versions indicated in vendor references (TWCERT).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTrcore Dvc
APPTrcore6.0 – 6.4 (bez)
Related vulnerabilities
Path Traversal i unrestricted file upload w TRCore DVC — RCE bez uwierzytelnienia
Path Traversal i nieograniczony upload plików w TRCore DVC — RCE
Path Traversal i nieograniczony upload plików w TRCore DVC umożliwiający RCE
TRCore DVC — path traversal i unrestricted file upload umożliwiające RCE
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit t...