Ax Series Loadbalancer
Approved changes feed: RSS · Atom
cpe:2.3:a:a10_networks:ax_series_loadbalancer:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | A10 Networks (f21e3bdc-e4fb-5fc7-95db-e2b38bb4ebdf) |
|---|---|
| Product | Ax Series Loadbalancer (8dd74d08-819d-5c92-9635-006747018703) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2014-125125 |
vulnerable | 2026-06-03 14:33:41.263950 |
A10 Networks AX Loadbalancer Path Traversal
A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP requests containing directory traversal sequences to read arbitrary files outside the intended directory. The files returned by the vulnerable endpoint are deleted from the system after retrieval. This can lead to unauthorized disclosure of sensitive information such as SSL certificates and private keys, as well as unintended file deletion.
Published: 2025-07-31T14:50:53.697Z
Updated: 2026-05-15T11:14:23.430Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.