Back to overview

CVE-2025-70796

HIGH Exploitation: PoC
7.5
CVSS 3.1
Description
An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Technology, Inc.) version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal sequences to access files outside of the intended web root directory. This may allow disclosure of sensitive system files and configuration data

Metadata

CVE ID
CVE-2025-70796
State
PUBLISHED
Assigner
mitre
Reserved
2026-01-09 00:00 UTC
Published
2026-07-10 00:00 UTC
Last updated
2026-07-10 18:05 UTC
Primary CWE
CWE-22
CWE-22 Improper Limitation of a Pathname to a Restricted Dir…
Vendor / Product
n/a / n/a
Sources
cve.org  ·  NVD

Severity & Metrics

7.5 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
yes
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
n/a n/a n/a
Weakness (CWE)
CWESourceDescription
cna n/a
CWE-22 adp CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.5 HIGH 3.1 adp CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Back to overview