CVE-2021-4463
Published: 2025-11-12
Priority: P2 · 67 · high · CVSS 4.0 base score 8.7
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N (threat, environmental and supplemental metrics not defined: E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EXPLOIT
EPSS: 1.35% (68.0th percentile)
Longjing Technology BEMS API versions up to and including 1.21 contain an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| shenzhen_longjing_technology_co_ltd | bems_api | <= 1.21 | — |
Detection & IOCs (extracted from sources)
- Send an unauthenticated HTTP GET request to /api/downloads with a fileName parameter containing directory traversal sequences (e.g., ../../../../../../../../etc/passwd). A 200 response containing 'root:.*:0:0:' confirms exploitation.
- No authentication is required to trigger the vulnerability. Monitor for unauthenticated GET requests to the /api/downloads endpoint containing '../' traversal sequences in the fileName parameter.
- Match HTTP 200 responses to /api/downloads requests that return Unix passwd file content (root:.*:0:0:) as a confirmation of successful local file inclusion.
- The vulnerability affects Longjing Technology BEMS API versions up to and including 1.21. The traversal depth used in the PoC (8 levels: ../../../../../../../../) may need adjustment depending on the deployment path of the application.
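The two defender-side points on this page, the unchecked fileName join described in the vulnerability summary and the log-based detection described in the items above, are shown together in the following added example. It is not code from Longjing Technology, the nuclei template author, or any of the linked sources: the download root /srv/bems/downloads, the function names, and the access-log lines are all constructed for the illustration. The resolver shows the vulnerable join beside a hardened version that percent-decodes (repeatedly, so double-encoded names are caught), normalises, and requires containment inside the root; the scanner applies the "/api/downloads with '../' in fileName" rule to combined-format log lines, and the passwd matcher implements the root:.*:0:0: confirmation from the IOC list.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed download root for the example; the real deployment path is not on the page.
DOWNLOAD_ROOT = "/srv/bems/downloads"

# Constructed access-log lines in combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Nov/2025:10:01:02 +0000] "GET /api/downloads?fileName=report.pdf HTTP/1.1" 200 4812 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Nov/2025:10:01:09 +0000] "GET /api/downloads?fileName=../../../../../../../../etc/passwd HTTP/1.1" 200 1638 "-" "curl/8.0"
203.0.113.22 - - [12/Nov/2025:10:02:11 +0000] "GET /api/downloads?fileName=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1638 "-" "python-requests/2.31"
198.51.100.5 - - [12/Nov/2025:10:03:40 +0000] "GET /api/status HTTP/1.1" 200 77 "-" "Mozilla/5.0"
203.0.113.31 - - [12/Nov/2025:10:04:00 +0000] "GET /api/downloads?fileName=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 404 0 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)
# Marker quoted in the detection notes: the root entry of a Unix passwd file.
PASSWD_RE = re.compile(r"^root:.*:0:0:", re.MULTILINE)


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so a
    double-encoded name such as '..%252F..' is not waved through."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_unsafe(file_name: str) -> str:
    """Vulnerable pattern (illustrative): the caller-supplied name is joined
    onto the root and opened as-is. Returns the path the OS would actually
    open once '..' segments collapse, which is how the root is escaped."""
    return posixpath.normpath(DOWNLOAD_ROOT + "/" + file_name)


def resolve_safe(file_name: str) -> str:
    """Hardened pattern: decode, reject NUL bytes and absolute names, treat
    backslashes as separators, then require the normalised path to remain
    strictly below DOWNLOAD_ROOT. Raises ValueError otherwise."""
    name = fully_decode(file_name).replace("\\", "/")
    if "\x00" in name or name.startswith("/"):
        raise ValueError("rejected file name")
    candidate = posixpath.normpath(posixpath.join(DOWNLOAD_ROOT, name))
    if not candidate.startswith(DOWNLOAD_ROOT + "/"):
        raise ValueError("path escapes download root")
    return candidate


def is_allowed(file_name: str) -> bool:
    """True when resolve_safe() accepts the name."""
    try:
        resolve_safe(file_name)
        return True
    except ValueError:
        return False


def has_traversal(file_name: str) -> bool:
    """Detection rule: any '..' path segment after full decoding, regardless
    of depth (the page notes the PoC depth varies per deployment)."""
    decoded = fully_decode(file_name).replace("\\", "/")
    return ".." in decoded.split("/")


def scan_log(log_text: str) -> list:
    """Return one finding per /api/downloads request whose fileName carries
    a traversal sequence. Status is kept so 200s can be triaged first."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if parts.path != "/api/downloads":
            continue
        for name in parse_qs(parts.query, keep_blank_values=True).get("fileName", []):
            if has_traversal(name):
                findings.append({"ip": m["ip"], "ts": m["ts"],
                                 "status": int(m["status"]),
                                 "file_name": fully_decode(name)})
    return findings


def looks_like_passwd(body: str) -> bool:
    """Confirmation check from the IOC list, for tooling that captures bodies."""
    return PASSWD_RE.search(body) is not None


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} fileName={f['file_name']!r}")
```

Two practical notes. Web-server access logs record the request line but not the response body, so `looks_like_passwd` only applies where a reverse proxy, WAF or IDS captures bodies; from access logs alone, a 200 with a non-zero size on a flagged request is the strongest signal available. On the fix side, normalisation plus a containment check is the minimum; where the set of downloadable files is known, mapping an opaque identifier to a path through a lookup table removes the user-controlled path component entirely.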
No detection rules found.
Nuclei
Longjing Technology BEMS API 1.21 - Unauthenticated Arbitrary File Download (nuclei · CVSS 8.7)
CVE-2021-4463 [HIGH] Longjing Technology BEMS API 1.21 - Unauthenticated Arbitrary File Download
Longjing Technology BEMS API 1.21 is vulnerable to local file inclusion. Input passed through the fileName parameter through the downloads API endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.
Template (only the info block is present in the source):
```yaml
id: CVE-2021-4463

info:
  name: Longjing Technology BEMS API 1.21 - Unauthenticated Arbitrary File Download
  author: gy741
  severity: high
  description: Longjing Technology BEMS API 1.21 is vulnerable to local file inclusion. Input passed through the fileName parameter through the downloads API endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.
```
No writeups or analysis indexed.
References
- https://cxsecurity.com/issue/WLB-2021070173
- https://exchange.xforce.ibmcloud.com/vulnerabilities/206477
- https://packetstormsecurity.com/files/163702
- https://web.archive.org/web/20220527162453/http://www.ljkj2012.com/
- https://www.exploit-db.com/exploits/50163
- https://www.vulncheck.com/advisories/longjing-technology-bems-api-remote-arbitrary-file-download
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5657.php