Overview :
FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.
Affected Product(s) :
  • FiberHome HG2201T
Vulnerability Details :
CVE ID : CVE-2019-17187
Incorrect Access Control/Directory Traversal

/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.

Solution :
Apply the vendor Security Patch