CVE-2017-7577NVD

Vulnerability Summary

XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request.

Severity Level

CRITICAL(9.8)

Published Date

Apr 7, 2017

Last Modified

May 13, 2026

Exploitation Status

????

EPSS Score (30-Day)

5.64%Probability

Root Weakness (CWE)

CWE-22: Path Traversal ↗

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory.

CVSS v3.0 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

http://zeroday.insecurity.zone/exploits/uc-httpd_lfi.txt
http://zeroday.insecurity.zone/exploits/uc-httpd_lfi.txt

Critical Alert 3 Active Exploits Detected Today

Critical Alert

CVE Watchtower

CVE-2017-7577NVD

Vulnerability Summary

External References