Path traversal via camera streaming on GladysAssistant(CVE-2023-47440)
| Vendor | GladysAssistant |
| Affected product | GladysAssistant |
| Affected versions | < 4.30 |
| Vulnerability type | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| Description | The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine. |
| Status | fixed in >= 4.30 |
| Reporter | So Sakaguchi, GMO Cybersecurity by Ierae, Inc. |