// For flags

CVE-2020-20094

RTLO Injection URI Spoofing

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages

Instagram iOS para iOS versiones 106.0 y anteriores y para Android versiones 107.0.0.11 y versiones anteriores de interfaz de usuario, no representa apropiadamente los mensajes URI para el usuario, lo que resulta en una suplantación de URI por medio de mensajes especialmente diseñados

RTLO injection URI spoofing generator for WhatsApp, iMessage, Instagram, and Facebook Messenger.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-08-13 CVE Reserved
  • 2022-03-23 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-10-27 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Facebook
Search vendor "Facebook"
Instagram
Search vendor "Facebook" for product "Instagram"
<= 106.0
Search vendor "Facebook" for product "Instagram" and version " <= 106.0"
iphone_os
Affected
Facebook
Search vendor "Facebook"
Instagram
Search vendor "Facebook" for product "Instagram"
<= 107.0.0.11
Search vendor "Facebook" for product "Instagram" and version " <= 107.0.0.11"
android
Affected