CVE-2026-36829
CriticalSummary
CVE-2026-36829 describes an authentication bypass vulnerability in the embedded HTTP server of the Panabit PAP-XM320 device up to and including version 7.7. The server validates session cookies based on a user-controlled value, allowing for directory traversal and bypassing authentication.
Risk Assessment
The organization may be exposed to unauthorized access to the system, potentially leading to data leaks or unauthorized actions within the system.
Recommendation
It is recommended to update the Panabit PAP-XM320 device to the latest version to mitigate this vulnerability and implement additional security measures against directory traversal attacks.
Original NVD description (English source)
An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and bypass of authentication.

