// For flags

CVE-2020-7814

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability that could allow remote files to be downloaded and excuted by lack of validation to file extension, witch can used as remote-code-excution attacks by hackers File download & execution vulnerability in ____COMPONENT____ of RAONWIZ RAON KUpload allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions prior to 2018.0.2.51 on Windows.

RAONWIZ versiones v2018.0.2.50 y anteriores, contienen una vulnerabilidad que podría permitir que archivos remotos sean descargados y ejecutados por una falta de comprobación de la extensión del archivo, que puede ser usado como ataques de ejecución de código remota mediante una vulnerabilidad de descarga y ejecución de Archivos de hackers en ____COMPONENT____ de RAONWIZ RAON KUpload permite que ____ATTACKER/ATTACK____ cause ____IMPACT____. Este problema afecta a: RAONWIZ RAON KUpload versiones 2018.0.2.50 anteriores a 2018.0.2.51 en Windows

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-22 CVE Reserved
  • 2020-07-10 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-10-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Raonwiz
Search vendor "Raonwiz"
Raon K Upload
Search vendor "Raonwiz" for product "Raon K Upload"
< 2018.0.2.51
Search vendor "Raonwiz" for product "Raon K Upload" and version " < 2018.0.2.51"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe