An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling unauthenticated attackers to read arbitrary files on
the system, and potentially causing a denial-of-service attack.
Credits
Amir Zaltzman and Noam Moshe of Claroty Team82 reported this vulnerability to CISA.
