CVE-2026-22102

EVbee · DC-80

An unauthenticated arbitrary file write vulnerability in the EVbee DC-80 webserver allows attackers to overwrite system files via a crafted POST request.

Executive summary

The EVbee DC-80 contains a critical arbitrary file write vulnerability that can lead to remote code execution or system denial of service.

Vulnerability

This is an improper input validation vulnerability (CWE-20) where the webserver fails to sanitize the filename parameter in the Content-Disposition header. This allows an unauthenticated remote attacker to write to arbitrary file locations on the underlying operating system.

Business impact

Successful exploitation carries a high risk of total system compromise, including the ability to overwrite critical system configuration files or inject malicious shell scripts. Given the CVSS score of 9.3, this vulnerability represents a critical threat to data integrity, system availability, and potential unauthorized access to the operational environment.

Remediation

Immediate Action: Update the EVbee DC-80 firmware to version 1.5.1 or later immediately.

Proactive Monitoring: Review web server access logs for suspicious POST requests containing unusual filename parameters or path traversal sequences.

Compensating Controls: Deploy a Web Application Firewall (WAF) configured to inspect and block malformed Content-Disposition headers and restrict access to the web management interface from untrusted networks.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This is a critical vulnerability that permits full control over file system writes without authentication. Administrators must prioritize updating the affected EVbee DC-80 units to version 1.5.1 as soon as possible to neutralize the risk of remote code execution.