CVE-2020-10794

Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:gira:tks-ip-gateway_firmware:4.0.7.7:*:*:*:*:*:*:*
cpe:2.3:h:gira:tks-ip-gateway:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:56

Type Values Removed Values Added
References () https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems/ - Exploit, Third Party Advisory () https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems/ - Exploit, Third Party Advisory

Information

Published : 2020-05-07 21:15

Updated : 2024-11-21 04:56


NVD link : CVE-2020-10794

Mitre link : CVE-2020-10794

CVE.ORG link : CVE-2020-10794


JSON object : View

Products Affected

gira

  • tks-ip-gateway_firmware
  • tks-ip-gateway
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')