CVE-2026-22102
EVbee · DC-80
An unauthenticated arbitrary file write vulnerability in the EVbee DC-80 webserver allows attackers to overwrite system files via a crafted POST request.
Executive summary
The EVbee DC-80 contains a critical arbitrary file write vulnerability that can lead to remote code execution or system denial of service.
Vulnerability
This is an improper input validation vulnerability (CWE-20) where the webserver fails to sanitize the filename parameter in the Content-Disposition header. This allows an unauthenticated remote attacker to write to arbitrary file locations on the underlying operating system.
Business impact
Successful exploitation carries a high risk of total system compromise, including the ability to overwrite critical system configuration files or inject malicious shell scripts. Given the CVSS score of 9.3, this vulnerability represents a critical threat to data integrity, system availability, and potential unauthorized access to the operational environment.
Remediation
Immediate Action: Update the EVbee DC-80 firmware to version 1.5.1 or later immediately.
Proactive Monitoring: Review web server access logs for suspicious POST requests containing unusual filename parameters or path traversal sequences.
Compensating Controls: Deploy a Web Application Firewall (WAF) configured to inspect and block malformed Content-Disposition headers and restrict access to the web management interface from untrusted networks.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This is a critical vulnerability that permits full control over file system writes without authentication. Administrators must prioritize updating the affected EVbee DC-80 units to version 1.5.1 as soon as possible to neutralize the risk of remote code execution.