CVE-2025-70796
Received Received - Intake

Path Traversal in WTI Web Management Interface

Vulnerability report for CVE-2025-70796, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: MITRE

Description

An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Technology, Inc.) version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal sequences to access files outside of the intended web root directory. This may allow disclosure of sensitive system files and configuration data

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
wti wti 3.5.0.r
wti wti_web_management_interface to 3.5.0.r (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-70796 is an unauthenticated path traversal vulnerability in the WTI Web Management Interface, specifically the Camera Control component version 3.5.0.r (build 2024/05/24).

An attacker can send malicious HTTP requests containing directory traversal sequences (../) to access files outside the intended web root directory without needing to authenticate.

This allows the attacker to read sensitive system files and configuration data, such as /etc/passwd, potentially exposing credentials and other critical information.

Compliance Impact

This vulnerability allows unauthenticated attackers to access sensitive system files and configuration data, including credentials, by exploiting a path traversal flaw in the WTI Web Management Interface.

The disclosure of sensitive information could lead to unauthorized access and potential data breaches, which may result in non-compliance with data protection regulations such as GDPR and HIPAA that require safeguarding of personal and sensitive data.

Organizations using affected WTI devices must mitigate this vulnerability to maintain compliance by applying vendor updates, restricting access, enforcing strong authentication, and monitoring for suspicious activity.

Impact Analysis

This vulnerability can lead to the disclosure of sensitive system files and configuration data, including stored credentials.

Such exposure can facilitate privilege escalation or lateral movement within the affected environment, increasing the risk of further compromise.

Because the attack requires no authentication and can be executed remotely over the network, it poses a high risk to confidentiality.

Detection Guidance

This vulnerability can be detected by attempting to exploit the path traversal flaw using crafted HTTP requests containing directory traversal sequences (../) to access files outside the web root directory.

A suggested command to test for this vulnerability is using curl with the --path-as-is flag to bypass client-side path normalization and attempt to retrieve sensitive files such as /etc/passwd.

  • curl --path-as-is "http://<target-ip-or-host>/path/to/vulnerable/endpoint?file=../../../../etc/passwd"
Mitigation Strategies

Immediate mitigation steps include applying vendor-provided updates to fix the vulnerability.

Additionally, restrict access to the web management interface to trusted networks or IP addresses.

Enforce strong authentication mechanisms on the web interface to prevent unauthenticated access.

Monitor network and system logs for suspicious activity that may indicate exploitation attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-70796. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart