Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation18 reference(s) from NVD