2 matches found
CVE-2020-8809
Gurux GXDLMS Director pre-8.5.1905.1301 downloads updates over HTTP. A MITM can modify gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml, causing downloaded files to be altered. This can lead to code execution via add-ins, and via OBIS codes when combined with CVE-2020-8810. Connected sour...
CVE-2020-8810
CVE-2020-8810 affects Gurux GXDLMS Director prior to 8.5.1905.1301. The issue arises when downloading OBIS codes: the product does not verify downloaded files as OBIS codes and does not enforce path traversal checks, enabling a MITM attacker (via CVE-2020-8809) to replace updates over HTTP and pl...