Code injection

2020-09-3018:15:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.8%

JSON

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution.

CPENameOperatorVersion
ozeki_ng_sms_gatewayle4.17.6

CPE	Name	Operator	Version
	ozeki_ng_sms_gateway	le	4.17.6

References

www.ozeki.hu/index.php?owpn=231

github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14030-RCE%20via%20.NET%20Deserialization-Ozeki%20SMS%20Gateway