Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker can supply arbitrary file paths to the `fullPath` parameter of the `/fileDownload?action=downloadBackupFile` endpoint and retrieve files from the server filesystem. VulnCheck has observed this vulnerability being exploited in the wild.
CVSS
No CVSS.
References
Configurations
No configuration.
History
03 Nov 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker can supply arbitrary file paths to the `fullPath` parameter of the `/fileDownload?action=downloadBackupFile` endpoint and retrieve files from the server filesystem. VulnCheck has observed this vulnerability being exploited in the wild. |
15 Oct 2025, 15:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker can supply arbitrary file paths to the `fullPath` parameter of the `/fileDownload?action=downloadBackupFile` endpoint and retrieve files from the server filesystem. VulnCheck has observed this vulnerability being targeted by the RondoDox botnet campaign. |
15 Oct 2025, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-10-15 02:15
Updated : 2025-11-03 16:15
NVD link : CVE-2024-13991
Mitre link : CVE-2024-13991
CVE.ORG link : CVE-2024-13991
JSON object : View
Products Affected
No product.
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')