CVE-2026-35082

Unknown · ugw-logread

The ugw-logread method contains a path traversal vulnerability that allows authenticated remote attackers to access arbitrary local files.

Executive summary

An authenticated remote attacker can exploit a path traversal vulnerability in the ugw-logread method to access sensitive local system files.

Vulnerability

This vulnerability is classified as a Path Traversal (CWE-22) flaw occurring in the ugw-logread method. By failing to sufficiently validate user-supplied input, the application allows an attacker with user privileges to escape intended directory boundaries and read sensitive files from the underlying filesystem.

Business impact

With a CVSS score of 8.8, this vulnerability presents a significant risk of data exposure. An attacker could leverage this access to retrieve configuration files, credentials, or other sensitive system data, which could facilitate further lateral movement or complete system compromise.

Remediation

Immediate Action: Update the affected component to version 6_0_0_7 or later as outlined in the vendor advisory (certvde.com/VDE-2026-036).

Proactive Monitoring: Review application logs for suspicious input patterns, particularly those containing directory traversal sequences (e.g., "../").

Compensating Controls: Use a Web Application Firewall (WAF) configured to inspect and block inputs containing path traversal sequences directed at the ugw-logread method.
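
One way to carry out the log review described under Proactive Monitoring, as an added example that is not part of the vendor advisory. The log line layout, the field names (user, method, file, status) and the sample entries are constructed assumptions; only the method name ugw-logread comes from this page. The check decodes percent-encoding before matching, so it also covers encoded forms of "../" that a plain string search would miss.

```python
import re
from urllib.parse import unquote

# Assumption: each request is logged on one line that contains the method
# name and the caller-supplied parameters. Adapt to the real log format.
METHOD = "ugw-logread"

# A ".." path segment: preceded by a delimiter, followed by "/" or a terminator.
TRAVERSAL = re.compile(r'(?:^|[/=\s"\':,])\.\.(?:/|$|[\s"\'&])')


def normalise(text, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded input is
    compared in clear form, then treat backslashes as path separators."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text.replace("\\", "/")


def find_traversal(lines):
    """Return (line_number, raw_line) for ugw-logread entries whose
    parameters contain a '..' path segment after normalisation."""
    hits = []
    for number, raw in enumerate(lines, start=1):
        if METHOD not in raw:
            continue  # other methods are out of scope for this review
        if TRAVERSAL.search(normalise(raw)):
            hits.append((number, raw))
    return hits


# Constructed sample log lines (not taken from a real device).
SAMPLE_LOG = [
    "2026-01-10T08:00:01Z user=operator method=ugw-logread file=system.log status=200",
    "2026-01-10T08:00:07Z user=operator method=ugw-logread file=../../placeholder/file status=200",
    "2026-01-10T08:00:09Z user=operator method=ugw-logread file=%2e%2e%2fplaceholder status=200",
    "2026-01-10T08:00:12Z user=operator method=ugw-logread file=..%252f..%252fplaceholder status=200",
    "2026-01-10T08:00:15Z user=admin method=ugw-status detail=../ignored status=200",
    "2026-01-10T08:00:20Z user=operator method=ugw-logread file=archive..2026.log status=200",
]

if __name__ == "__main__":
    for number, raw in find_traversal(SAMPLE_LOG):
        print(f"line {number}: {raw}")
```

The last sample line shows why the pattern matches a ".." path segment rather than any two dots: a file name such as archive..2026.log is not flagged.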

Exploitation status

Public Exploit Available: false

Analyst recommendation

The ability to read arbitrary files is a critical security failure. Administrators must apply the vendor-supplied patch to version 6_0_0_7 immediately to prevent unauthorized access to sensitive local system data.