CVE-2020-7875 HIGH

CVE-2020-7875: RAONWIZ DEXT5 Upload ActiveX remote file execution vulnerability

Vendor Raonwiz
Product DEXT5 Upload
Weakness CWE-494 · Download without integrity check
Published October 28, 2021
Last update August 4, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.

Key dates

02Disclosure timeline

October 28, 2021 CVE published
August 4, 2024 Record updated