CVE-2021-4463
Longjing Technology BEMS API <= 1.21 Remote Arbitrary File Download
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Longjing Technology BEMS API versions up to and including 1.21 contain an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, so an attacker can supply directory traversal sequences and read sensitive files outside the intended directory.
| CWE | CWE-552 CWE-22 |
| Vendor | shenzhen longjing technology co. ltd. |
| Product | bems api |
| Published | Nov 12, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
Shenzhen Longjing Technology Co. Ltd. / BEMS API
0 ≤ 1.21
References
zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5657.php
exploit-db.com: https://www.exploit-db.com/exploits/50163
packetstormsecurity.com: https://packetstormsecurity.com/files/163702
cxsecurity.com: https://cxsecurity.com/issue/WLB-2021070173
exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/206477
web.archive.org: https://web.archive.org/web/20220527162453/http://www.ljkj2012.com/
vulncheck.com: https://www.vulncheck.com/advisories/longjing-technology-bems-api-remote-arbitrary-file-download
Credits
Gjoko Krstic of Zero Science Lab