CVE-2020-7808
RAONWIZ Inc K Upload, arguments modiffication via missing support for integrity check vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it.
En RAONWIZ K Upload v2018.0.2.51 y anteriores, el proceso de actualización automática sin verificación de integridad en el módulo de actualización (web.js) permite a un atacante modificar argumentos que provocan la descarga de una DLL aleatoria y la inyección en él.
*Credits:
Soonchan Hwang
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-22 CVE Reserved
- 2020-05-21 CVE Published
- 2023-03-07 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
- CWE-353: Missing Support for Integrity Check
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35424 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Raonwiz Search vendor "Raonwiz" | Raon K Upload Search vendor "Raonwiz" for product "Raon K Upload" | <= 2018.0.2.51 Search vendor "Raonwiz" for product "Raon K Upload" and version " <= 2018.0.2.51" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | - | - |
Safe
|
| Raonwiz Search vendor "Raonwiz" | Raon K Upload Search vendor "Raonwiz" for product "Raon K Upload" | <= 2018.0.2.51 Search vendor "Raonwiz" for product "Raon K Upload" and version " <= 2018.0.2.51" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | - |
Safe
|
| Raonwiz Search vendor "Raonwiz" | Raon K Upload Search vendor "Raonwiz" for product "Raon K Upload" | <= 2018.0.2.51 Search vendor "Raonwiz" for product "Raon K Upload" and version " <= 2018.0.2.51" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 8 Search vendor "Microsoft" for product "Windows 8" | - | - |
Safe
|