CNNVD-202602-2220 Information
CNNVD ID
CNNVD-202602-2220
Related CVE
- CNNVD Published: 2026-02-13
Description (Chinese)
BACnet Stack是BACnet Stack开源的一个适用于嵌入式系统、Linux、MacOS、BSD 和 Windows 的 BACnet 开源协议栈 C 库。 BACnet Stack 1.5.0.rc3之前版本存在路径遍历漏洞,该漏洞源于文件写入功能未验证用户提供的文件路径,可能导致向任意目录写入文件。
Description (English)
BACnet Stack is a BACnet Open Source Library C for embedded systems, Linux, MacOS, BSD and Windows. The pre-Bacnet Stack 1.5.0.rc3 version has a loophole in the path, which stems from the fact that the file writing function does not verify the file path provided by the user and may lead to the writing of a file to any directory.
Vulnerability Type
路径遍历
Affected Vendor
BACnet Stack
Published
2026-02-13
Last Modified
2026-02-24
References
https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3 https://github.com/bacnet-stack/bacnet-stack/security/advisories/GHSA-p8rx-c26w-545j
Patch
https://github.com/bacnet-stack/bacnet-stack/tags
Share on: