ГлавнаяУязвимости → CVE-2025-27850
7.5высокая

CVE-2025-27850

Описание

The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the filesystem is enabled. This allows an attacker to retrieve arbitrary files from the device.

Затрагиваемое ПО
Garmin Empirbus wireless display unit firmwareGarmin Empirbus wireless display unit
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://garmin.comhttps://www8.garmin.com/support/ch.jsp?product=010-02642-00