Lucene search

KrcertCVELIST:CVE-2020-7832

HistorySep 07, 2021 - 2:47 p.m.

CVE-2020-7832 RAONWIZ DEXT5 Upload remote code execution vulnerability

2021-09-0714:47:21

CWE-20

krcert

www.cve.org

raonwiz

dext5 upload

vulnerability

unauthenticated

code execution

improper input validation

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832)

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "DEXT5 Upload",
    "vendor": "RAONWIZ",
    "versions": [
      {
        "lessThanOrEqual": "5.0.0.117",
        "status": "affected",
        "version": "5.0.0.117",
        "versionType": "custom"
      }
    ]
  }
]

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36231

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

Related for CVELIST:CVE-2020-7832