CVE-2021-43930

medium

Description

Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system.

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-04

Details

Source: Mitre, NVD

Published: 2022-04-28

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.9

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00064