CVE-2020-7858 MEDIUM

CVE-2020-7858: AquaNPlayer directory traversing vulnerability

Vendor Cdnetworks
Product AquaNPlayer
Weakness CWE-548 · Directory listing
Published April 22, 2021
Last update August 4, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is localhost and an attacker can traverse directories using "dot dot" sequences(../../) to view host file on the system. This vulnerability can cause information leakage.

Key dates

02Disclosure timeline

April 22, 2021 CVE published
August 4, 2024 Record updated