Externally Controlled Reference to a Resource in Another Sphere
An information disclosure vulnerability exists in the "chunkFile" functionality of WWBN AVideo in versions prior to 12.4. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.