Read the CVE again carefully. There are two possible file types. The directory that contains the file is also described.
Thanks a lot, @PayloadBunny!
I started more carefully to fuzz using possible scenarios by CVE description. It seems the file can be missed fuzzing it recursively as in my case with ffuf. However, fuzzing it from the target directory I reached the success.
There’s a vulnerability in one service that you can use to upload a reverse shell. It’s not so easy to detect, but Google is your friend right after banner grabbing.