exploitDog

CVE-2020-12843

Опубликовано: 24 сент. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.

Ссылки

https://ismartgate.com/secure-garage-door/
Product
Vendor Advisory
https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf
Exploit
Third Party Advisory
https://ismartgate.com/secure-garage-door/
Product
Vendor Advisory
https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:gogogate:ismartgate_pro_firmware:1.5.9:*:*:*:*:*:*:*

cpe:2.3:h:gogogate:ismartgate_pro:-:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00518

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-h7mg-9xr4-w524

github

больше 3 лет назад

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.

EPSS

Процентиль: 66%

0.00518

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434