The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.
Credits
Daniel Hulliger from Armasuisse Cyber-Defence campus.
Damian Pfammatter from Armasuisse Cyber-Defence campus.
Adrien Rey from Armasuisse Cyber Defense Campus Zurich