Timbutku ProのSendリクエストにおいて、ディレクトリトラバーサルの脆弱性が存在するそうです。

II. DESCRIPTION

Remote exploitation of a directory traversal vulnerability in Motorola Inc.'s Timbuktu Pro allows attackers to delete or create files with SYSTEM privileges.

When handling "Send" requests, Timbuktu does not properly check for directory traversal specifiers. Therefore, by including a sequence such as "../../../", an attacker is able to write outside of the intended location. Additionally, if the file already exists, the file is created with a new name. However, if the connection is broken before the transfer completes, Timbuktu will delete the originally specified file name instead of the new name.