Improper input validation in Evbee Dc-80
CVE-2026-22102
A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial o…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
Affected products
- Evbee Dc-80 — versions 0
Weakness classification (CWE)
References
- csirt@divd.nl (third-party-advisory)