PCViewer vt1000 Directory Traversal via GET Request
Description
PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences such as ../../../../../../../../../../../../etc/passwd to access sensitive system files outside the intended directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
PCViewer vt1000 is vulnerable to directory traversal via GET requests, allowing unauthenticated attackers to read arbitrary files.
Vulnerability
PCViewer vt1000, a file management application, contains a directory traversal vulnerability (CWE-22) in its web server component. The server fails to validate user-supplied paths in GET requests, allowing relative path sequences such as ../../../../etc/passwd to access files outside the intended directory. The vulnerability affects all versions of PCViewer up to and including vt1000 [1][2]. No authentication is required to trigger the flaw.
Exploitation
An unauthenticated attacker can exploit this vulnerability by sending a crafted GET request to the target device on port 8080. The request includes path traversal sequences (e.g., ../../../../../../../../../../../../etc/passwd) in the URI. The server responds with the contents of the requested file, as demonstrated in the public proof-of-concept [2]. No user interaction or special privileges are needed.
Impact
Successful exploitation allows an attacker to read arbitrary files from the host system, leading to information disclosure. Sensitive files such as /etc/passwd can be retrieved, potentially exposing user account details. The impact is limited to confidentiality; no write or code execution capabilities are described in the available references.
Mitigation
As of the publication date, no official patch or fixed version has been released by the vendor. The software may be end-of-life. Mitigation relies on network-level controls, such as restricting access to the affected device to trusted hosts only, or disabling the web interface if not required. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input validation on the HTTP request URI allows directory traversal."
Attack vector
An unauthenticated attacker sends a crafted HTTP GET request containing relative path traversal sequences (e.g., `../../../../../../../../../../../../etc/passwd`) to the target server on port 8080 [ref_id=1]. The server does not validate or restrict the request path, so it resolves the traversal sequence and returns the contents of the requested file from outside the intended web root. The attacker can read any file the server process has access to, including sensitive system files such as `/etc/passwd` [ref_id=1].
Affected code
The exploit targets the PCViewer vt1000 application, which runs a "Cross Web Server" on TCP port 8080. The vulnerable component is the HTTP request handler that fails to validate or sanitize the request URI path before serving the corresponding file from the filesystem.
What the fix does
No patch or vendor advisory is included in the bundle. The reference write-up does not describe any remediation steps or updated versions [ref_id=1]. To close this vulnerability, the application would need to validate that the normalized request path stays within the designated document root directory, rejecting any path containing `../` sequences or resolving to a location outside the allowed base directory.
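The containment check described above, as an added example in Python (not code from PCViewer or from the referenced write-up; the names `resolve_request_path`, `is_served` and `PathRejected` are hypothetical). It decodes the request path once, rejects parent-directory segments, and then confirms that the canonical path is still under the document root, which also catches symlinks pointing outside it.

```python
import os
import tempfile
from urllib.parse import unquote


class PathRejected(Exception):
    """The request path would resolve outside the document root."""


def resolve_request_path(doc_root, request_target):
    """Map an HTTP request target to a file under doc_root or raise PathRejected."""
    # Keep the path only, then decode percent-escapes once so that
    # %2e%2e%2f is checked in the same form the filesystem would see.
    decoded = unquote(request_target.split("?", 1)[0].split("#", 1)[0])
    if "\x00" in decoded:
        raise PathRejected("NUL byte in path")
    # Treat backslashes as separators so ..\ is handled like ../
    parts = [p for p in decoded.replace("\\", "/").split("/") if p]
    if ".." in parts:
        raise PathRejected("parent-directory segment in path")
    # Join below the root and canonicalise; realpath also follows symlinks.
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, *parts))
    # Final containment check on the canonical path.
    if os.path.commonpath([root, candidate]) != root:
        raise PathRejected("resolved path escapes document root")
    return candidate


def is_served(doc_root, request_target):
    """True if the request target resolves inside doc_root."""
    try:
        resolve_request_path(doc_root, request_target)
        return True
    except PathRejected:
        return False


if __name__ == "__main__":
    # Constructed demo: a throwaway web root and sample request targets.
    with tempfile.TemporaryDirectory() as root:
        for target in ("/index.html",
                       "../../../../../../../../../../../../etc/passwd",
                       "/..%2f..%2fetc/passwd"):
            print(target, "->", "serve" if is_served(root, target) else "reject")
```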
Preconditions
- network: The PCViewer vt1000 service must be running and reachable on TCP port 8080.
- auth: No authentication is required; the attacker can be unauthenticated.
Reproduction
1. Ensure the target PCViewer vt1000 service is running and accessible on port 8080.
2. Send the following raw HTTP GET request using a tool such as netcat or curl:
   `GET ../../../../../../../../../../../../etc/passwd HTTP/1.1`
   `Host: target:8080/`
3. Observe the server responds with `HTTP/1.1 200 OK` and the contents of `/etc/passwd` in the response body [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.exploit-db.com/exploits/45248 (mitre, exploit)
- www.vulncheck.com/advisories/pcviewer-vt1000-directory-traversal-via-get-request (mitre, third-party-advisory)
- www.softpedia.com/get/System/File-Management/Pc-Viewer.shtml (mitre, product)