Lucene search

[email protected]CVE-2020-12837

HistorySep 24, 2020 - 4:15 p.m.

CVE-2020-12837

2020-09-2416:15:13

CWE-434

[email protected]

web.nvd.nist.gov

ismartgate

pro 1.5.9

vulnerability

file upload

garage door

image upload

nvd

cve-2020-12837

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.2%

JSON

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used.

Affected configurations

NVD

Node

gogogateismartgate_proMatch-

AND

gogogateismartgate_pro_firmwareMatch1.5.9

CPENameOperatorVersion
gogogate:ismartgate_pro_firmwaregogogate ismartgate pro firmwareeq1.5.9

CPE	Name	Operator	Version
gogogate:ismartgate_pro_firmware	gogogate ismartgate pro firmware	eq	1.5.9

References

ismartgate.com/secure-garage-door/

kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.2%

JSON

Related for CVE-2020-12837

nvd1 cvelist1 prion1