ID:5849 - Exploit for Arbitrary file upload in FlexAir - CVE-2019-9189

Link to public exploit:

Vulnerability description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the application allows the upload of arbitrary Python scripts when configuring the main central controller. A remote authenticated administrator can  immediately execute these scripts and gain full access to the target system.

Remediation