Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-7863

A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting the parameter to the command they want to execute. A successful exploit could allow the attacker to execute arbitrary commands on a target system as the user. However, the victim must run the Internet Explorer browser with administrator privileges because of the cross-domain policy.

Published

2021-08-05T21:15:09.897

Last Modified

2024-11-21T05:37:56.150

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	raonwiz	raon_k_upload	< 2018.0.2.56	Yes

References

http://www.raonk.com/page/customs/modify.aspx?pSeq=20&pageno=1 Vendor Advisory ([email protected])
https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36166 Third Party Advisory ([email protected])
http://www.raonk.com/page/customs/modify.aspx?pSeq=20&pageno=1 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36166 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)