The Busy Box http daemon included in version 1.01 is vulnerable to a directory traversal attack.
e380b92d7f4e0d05711e751fa63d2e333b40b6ba43dd42a33d6fabbc4735b71f
a file traversal attack is possible in busybox's http daemon when you send a url encoded slash like this http://attacked-host//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd I have tested with busy box 1.01 and I dont know if other versions are vulenrable