According to the researchers, Traccar GPS carried two path traversal vulnerabilities: CVE-2024-24809 and CVE-2024-31214.
The former has a severity score of 8.5, while the latter has a score of 9.7.
Both allow malicious actors to upload files with dangerous file types and thus put the entire endpoint in jeopardy.
“However an attacker only has partial control over the filename.”
More details can be found on this link.
This version turns off self-registration by default, effectively closing down the attack avenue.
“These are the default prefs for Traccar 5.”
Via The Hacker News