2 matches found
CVE-2020-17384
Affected product: Cellopoint CelloOS v4.1.10 Build 20190922. Root cause: improper validation of URL input, enabling remote command execution. Exploitation requires the attacker to possess the system administrator’s cookie, leading to arbitrary command execution on the system. CVSS data indicates ...
CVE-2020-17384 Cellopoint CelloOS - Remote Command Execution (RCE)
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system...