Cassia Networks Access Controller Path Traversal
Description
Path traversal vulnerability in Cassia Networks Access Controller allows viewing arbitrary files via the minify route with a relative path.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Path traversal vulnerability in Cassia Networks Access Controller allows viewing arbitrary files via the minify route with a relative path.
Vulnerability
The Cassia Networks Access Controller prior to version 2.0.1 contains a path traversal vulnerability in the minify route. By providing a relative path, an attacker can read any file on the device's filesystem. This affects all versions before 2.0.1. [1]
Exploitation
An attacker with network access to the Access Controller can send a crafted HTTP request to the minify route with a relative path (e.g., ../../../etc/passwd). No authentication is required, and the attack can be performed remotely without user interaction. [1]
Impact
Successful exploitation allows the attacker to read arbitrary files from the device, including configuration files, credentials, and other sensitive data, leading to information disclosure. The attacker does not need elevated privileges. [1]
Mitigation
The vulnerability is fixed in Cassia Networks Access Controller version 2.0.1, released after the advisory. Users should upgrade to this version or later. No workarounds are documented in the available references. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <2.0.1
- Cassia Networks/Access Controllerv5Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.