CVE-2024-13991
Huijietong Cloud Video Platform fileDownload Arbitrary File Read
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- October 14, 2025
- Published Date
- October 15, 2025
- Last Updated
- November 03, 2025
- Vendor
- Huijietong
- Product
- Cloud Video Platform
- Description
- Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker can supply arbitrary file paths to the `fullPath` parameter of the `/fileDownload?action=downloadBackupFile` endpoint and retrieve files from the server filesystem. VulnCheck has observed this vulnerability being exploited in the wild.
CVSS Scores
CVSS v4.0
8.7 - HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
SSVC Information
- Exploitation
- poc
- Automatable
- Yes
- Technical Impact
- partial
Exploit Status
- Exploited in the Wild
- Yes (2026-06-01 10:43:25 UTC) Source
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CVE | 2026-06-01 10:43:25 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel