How severe is CVE-2023-29401?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2023-29401?

This is classified as CWE-494, which is a common weakness in software security.

CVE-2023-29401 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat";x=.txt" will be sent as a file named "setup.bat". If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header.

Related Vulnerabilities

CVE-2024-33660

MEDIUM

CVSS:4.3(Medium)

An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.

CWE-4942024

CVE-2022-46428

MEDIUM

CVSS:4.8(Medium)

TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update...

CWE-4942022

CVE-2022-46430

MEDIUM

CVSS:4.8(Medium)

TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware u...

CWE-4942022

CVE-2023-5630

MEDIUM

CVSS:4.9(Medium)

A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware.

CWE-4942023

CVE-2023-5984

MEDIUM

CVSS:4.9(Medium)

A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could r...

CWE-4942023

CVE-2017-2739

LOW

CVSS:3.1(Low)

The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to im...

CWE-4942017