본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7858 | AquaNPlayer directory traversing vulnerability2021.04.22
□ Overview
o cdnetworks released security update to address information leakage through directory traversing vulnerability in AquaNPlayer(media player).
Vulnerability Type Impact Severity CVSS Score CVE ID
directory traversing information leakage Medium 6.8 CVE-2020-7858
 
□ Description
o There is a directory traversing vulnerability in the download page url of AquaNPlayer. The IP of the download page url is localhost and attacker
can traverse directories using "dot dot" sequences(../../) to view host file on the system. This vulnerability can cause information leakage .
(CVE-2020-7858)
 
□ Affected Product
 
Product Version OS
AquaNPlayer 2.0.0.92 Windows

□ Solution
 o Update program over AquaNPlayer 2.0.0.99 version or higher.

□ Acknowledgements
 o Thanks to Yeonghoon Lee for reporting these vulnerabilities.

□ Reference
 [1] https://www.cdnetworks.com/ko/aqua-nplayer
 


□ 작성 : 침해사고분석단 취약점분석팀