Intrusion Prevention

RAVPower.Filehub.HTTP.Server.Unrestricted.File.Upload

Description

This indicates an attack attempt to exploit an Unrestricted File Upload vulnerability in RAVPower Filehub.
The vulnerability is due to insufficient sanitizing of user supplied inputs when handling a crafted request. A remote attacker may be able to exploit this to upload a file with root privilege, which can lead to remote code execution as root.

Affected Products

Version 2.000.056 and earlier

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently, we are unaware of any vendor supplied patch for this issue.

CVE References

CVE-2018-5997