Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.
Intel Processor
Exploit
CVE-2018-12031
NVD
Refer to CVE-2018-12031 NVD advisory