CVE-2026-1523

N/A Unknown

📋 TL;DR

A path traversal vulnerability in Digitek ADT1100 and DT950 devices allows attackers to access arbitrary files on the server's file system by manipulating URL parameters with encoded directory traversal sequences. This affects PRIMION DIGITEK, S.L.U (Azkoyen Group) devices, potentially exposing sensitive system files like /etc/passwd.

💻 Affected Systems

Products:
  • Digitek ADT1100
  • Digitek DT950
Versions: All versions prior to patch
Operating Systems: Embedded Linux systems
Default Config Vulnerable: ⚠️ Yes
Notes: Devices whose web interface is exposed to the network are vulnerable by default.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through credential theft, configuration file access, and potential privilege escalation leading to full device control.

🟠 Likely Case

Information disclosure of sensitive files including passwords, configuration data, and system information that could enable further attacks.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent external exploitation attempts.

🌐 Internet-Facing: HIGH - Direct web interface access allows unauthenticated file retrieval from external networks.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this, but network segmentation reduces exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple URL manipulation with encoded traversal sequences (%2F for /) bypasses input validation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-digitek-grupo-azkoyen

Restart Required: Yes

Instructions:

  1. Contact PRIMION DIGITEK/Azkoyen Group for firmware updates
  2. Apply vendor-provided patches
  3. Restart affected devices
  4. Verify patch effectiveness

🔧 Temporary Workarounds

Network Access Restriction

Platform: linux

Restrict network access to the device web interface using firewall rules (replace trusted_network with your management subnet in CIDR notation; the ACCEPT rules must precede the DROP rules):

iptables -A INPUT -p tcp --dport 80 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Web Server Configuration

Platform: all

Configure web server to reject URLs containing directory traversal sequences

Add URL filtering rules in web server configuration to block patterns containing ..%2F, %2F.., etc.

🧯 If You Can't Patch

  • Isolate affected devices in separate VLAN with strict access controls
  • Implement WAF rules to block path traversal patterns at network perimeter

🔍 How to Verify

Check if Vulnerable:

Attempt to access http://<device_ip>/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd and check if system files are returned

Check Version:

Check device web interface or console for firmware version information

Verify Fix Applied:

Repeat the same traversal request after patching; it should return an error or access denied rather than file contents.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing ..%2F patterns
  • Multiple failed attempts to access system directories
  • Unusual file access patterns from single IP

Network Indicators:

  • HTTP GET requests with encoded slashes in URL paths
  • Traffic to device web interfaces from unexpected sources

SIEM Query:

source="web_logs" AND (url="*..%2F*" OR url="*%2F..*")
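The SIEM query above and the web-server filtering workaround both match the literal strings ..%2F and %2F.., which is case-sensitive and misses the equivalent lowercase encoding (%2f). The following added example (not part of the advisory or the vendor's code) shows the more robust approach for both uses: percent-decode the request path, then flag any request whose canonical path contains a ".." segment. It runs over a few constructed Common Log Format lines; the IP addresses, timestamps and paths are made up, and the SAMPLE_LOGS, canonicalize, has_traversal and scan names are this example's own.

```python
# Added example: canonicalize request paths from web-server access logs and flag
# directory-traversal attempts, including percent-encoded forms. Not from the advisory.
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format (made-up IPs, timestamps and paths).
SAMPLE_LOGS = """\
10.0.0.5 - - [01/Mar/2026:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [01/Mar/2026:10:00:07 +0000] "GET /..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843
10.0.0.9 - - [01/Mar/2026:10:00:09 +0000] "GET /..%2f..%2fetc%2fshadow HTTP/1.1" 403 0
10.0.0.7 - - [01/Mar/2026:10:00:15 +0000] "GET /static/app..js HTTP/1.1" 200 99
""".splitlines()

# Common Log Format: client, ident, user, [timestamp], "METHOD path proto", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Bound the decode loop so a pathological input cannot spin the scanner.
MAX_DECODE_ROUNDS = 3


def canonicalize(path: str) -> str:
    """Percent-decode until the string stops changing (bounded), so the check does
    not depend on the exact encoding used, then normalize backslashes to slashes."""
    prev, rounds = None, 0
    while prev != path and rounds < MAX_DECODE_ROUNDS:
        prev, path = path, unquote(path)
        rounds += 1
    return path.replace("\\", "/")


def has_traversal(raw_path: str) -> bool:
    """True when any segment of the canonical path (query string dropped) is '..'.
    A '..' inside a filename such as app..js is not a traversal and is not flagged."""
    canon = canonicalize(raw_path.split("?", 1)[0])
    return any(seg == ".." for seg in canon.split("/"))


def naive_match(raw_path: str) -> bool:
    """The literal, case-sensitive match used by the SIEM query, kept for comparison."""
    return "..%2F" in raw_path or "%2F.." in raw_path


def scan(lines):
    """Return one record per log line whose request path is a traversal attempt."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        if has_traversal(m["path"]):
            hits.append({
                "ip": m["ip"],
                "status": m["status"],
                "path": m["path"],
                "canonical": canonicalize(m["path"]),
                "naive_match": naive_match(m["path"]),
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

The same has_traversal check can serve as the reject rule in a web-server or WAF front end: decode first, then compare path segments, rather than matching on one spelling of the encoded sequence. On the sample input the lowercase request is flagged by has_traversal but not by naive_match, and a 200 status on a flagged request is the indicator that file contents were actually returned.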
