□ Overview
o RAONWIZ Co.,Ltd released security update to address improper input validation vulnerability in DEXT5 Upload. (file transfer solution)
Vulnerability
| Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
| Improper input validation |
remote code execution |
High |
8.8 |
CVE-2020-7832 |
□ Description
o A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832)
□ Affected Product
Affected Product
| Product |
Version |
Platform |
| DEXT5 Upload |
5.0.0.117 and prior |
Windows |
□ Solution
o Update software over 5.0.0.118 version or higher.
□ Reference
[1] http://www.raonwiz.com/raon_product09.html
□ Etc
o Thanks to Donghyeon Yu for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀 |
