CVE-2026-36829
Authentication Bypass via Directory Traversal in Panabit PAP-XM320
Publication date: 2026-05-19
Last updated on: 2026-05-19
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| panabit | pap-xm320 | to 7.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows authentication bypass via directory traversal in the embedded HTTP server of Panabit PAP-XM320, potentially exposing sensitive data and compromising system integrity.
Such a security flaw could lead to unauthorized access to protected information, which may result in non-compliance with data protection regulations like GDPR and HIPAA that require strict access controls and protection of personal and sensitive data.
However, the provided information does not explicitly mention the impact on compliance with these standards.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an authentication bypass in the embedded HTTP server of Panabit PAP-XM320 devices up to version 7.7, caused by improper sanitization of user-controlled session cookies allowing directory traversal.
To detect this vulnerability on your network or system, you can attempt to access the embedded HTTP server and test for authentication bypass by manipulating session cookies to include directory traversal sequences (e.g., ../) and observe if unauthorized access is granted.
Specific commands or tools to detect this might include using curl or a web proxy tool to send HTTP requests with crafted cookies. For example:
- curl -v --cookie "session=../../etc/passwd" http://<device-ip>/
- Use a web proxy like Burp Suite to intercept and modify session cookies to include directory traversal payloads and check for unauthorized access.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the embedded HTTP server of Panabit PAP-XM320 devices by limiting network exposure, such as placing the device behind a firewall or VPN.
Additionally, disable or restrict HTTP management interfaces if possible, and monitor for suspicious authentication bypass attempts.
Contact Panabit support or check for firmware updates that address this vulnerability and apply patches as soon as they become available.
Can you explain this vulnerability to me?
This vulnerability is an authentication bypass in the embedded HTTP server of Panabit PAP-XM320 devices up to version 7.7. The server checks session cookies by verifying the existence of files on the filesystem using a value from a user-controlled cookie. Because this value is not properly sanitized, an attacker can perform directory traversal attacks, allowing them to bypass authentication mechanisms.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can bypass authentication on the affected device's HTTP server. This means unauthorized users could gain access to administrative or sensitive functions without proper credentials, potentially leading to unauthorized control, data exposure, or manipulation of the device.