An authentication bypass vulnerability in the affected software allows unauthenticated attackers to gain unauthorized access to protected resources via path traversal.

The software fails to properly validate URIs, allowing the use of path traversal sequences (e.g., "../") to reach restricted administrative endpoints. This enables an unauthenticated remote attacker to bypass the login requirement and access sensitive functions or data.

This flaw allows attackers to circumvent the primary security perimeter of the application. With a CVSS score of 7.5, the risk is High, as it can lead to unauthorized configuration changes, data exposure, and serve as a stepping stone for more complex attacks against the internal network.

Immediate Action: Apply vendor security updates immediately to correct the URI validation logic and prevent path traversal.

Proactive Monitoring: Review web access logs for requests containing traversal sequences or attempts to access administrative pages without prior authentication.

Compensating Controls: Implement a reverse proxy or WAF to normalize URIs and block requests containing directory traversal patterns.

Public Exploit Available: false

The ability to bypass authentication via simple URI manipulation is a critical weakness. Organizations must prioritize the application of security updates and ensure that all web-facing interfaces are hardened against traversal-style attacks.