Lucene search

[email protected]CVE-2020-12447

HistoryApr 29, 2020 - 3:15 a.m.

CVE-2020-12447

2020-04-2903:15:17

CWE-22

[email protected]

web.nvd.nist.gov

cve-2020-12447

onkyo

tx-nr585

lfi

directory traversal

nvd

security

vulnerability

device

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.029 Low

EPSS

Percentile

90.8%

JSON

A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow.

Affected configurations

NVD

Node

onkyotx-nr585_firmwareMatch1000-0000-000-0008-0000

AND

onkyotx-nr585Match-

CPENameOperatorVersion
onkyo:tx-nr585_firmwareonkyo tx-nr585 firmwareeq1000-0000-000-0008-0000

CPE	Name	Operator	Version
onkyo:tx-nr585_firmware	onkyo tx-nr585 firmware	eq	1000-0000-000-0008-0000

References

blog.spookysec.net/onkyo-lfi/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.029 Low

EPSS

Percentile

90.8%

JSON

Related for CVE-2020-12447

cvelist1 nvd1 prion1 nuclei1 openvas1