Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a local file inclusion attack (LFI), where any authenticated user has privileged access to files on the device's filesystem.
Credits
notnotnotveg (notnotnotveg@gmail.com) reported this vulnerability to CISA.
