본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7832 | RAONWIZ DEXT5 Upload remote code execution vulnerability2021.09.07
□ Overview
 o RAONWIZ Co.,Ltd released security update to address improper input validation vulnerability in DEXT5 Upload. (file transfer solution)
Vulnerability Type Impact Severity CVSS Score CVE ID
Improper input validation remote code execution High 8.8 CVE-2020-7832

□ Description
 o A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832)

□ Affected Product
Product Version Platform
DEXT5 Upload 5.0.0.117 and prior Windows

□ Solution
 o Update software over 5.0.0.118 version or higher.

□ Reference
 [1] http://www.raonwiz.com/raon_product09.html

□ Etc
 o Thanks to Donghyeon Yu for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀