CVE-2020-7863 HIGH

CVE-2020-7863: Raonwiz RAON K Upload Arbitrary Command Execution Vulnerability

Vendor Raonwiz,Inc

Product RAON K Upload

Weakness CWE-20 · Input validation

Published August 5, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting the parameter to the command they want to execute. A successful exploit could allow the attacker to execute arbitrary commands on a target system as the user. However, the victim must run the Internet Explorer browser with administrator privileges because of the cross-domain policy.

Key dates

02Disclosure timeline

August 5, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-7863 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2020-7863

CWE CWE-20

CVSS 8.8 / HIGH

Affected versions