9.8
CVE-2020-12843
- EPSS 0.52%
- Veröffentlicht 24.09.2020 16:15:14
- Zuletzt bearbeitet 21.11.2024 05:00:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gogogate ≫ Ismartgate Pro Firmware Version1.5.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.659 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.