CVE-2024-13991 – Huijietong Cloud Video Platform fileDownload Arbitrary File Read

CVE ID : CVE-2024-13991

Published : Oct. 15, 2025, 2:15 a.m. | 24 minutes ago

Description : Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker can supply arbitrary file paths to the `fullPath` parameter of the `/fileDownload?action=downloadBackupFile` endpoint and retrieve files from the server filesystem. VulnCheck has observed this vulnerability being targeted by the Rondo botnet.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…