In Netgate pfSense CE 2.8.0, the WebCfg - Diagnostics: Command privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Suppliers perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as “/abs/path” that can resolve to a location that is outside of that directory.