go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center



Cellopoint CelloOS - Unauthenticated Arbitrary File Disclosure

TVN ID TVN-202006003
Public Date 2020-08-27
Affected Products CelloOS v4.1.10 Build 20190922
Description Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.
CVE ID CVE-2020-17385
Solution Update to v4.1.12 Build 20200701 or higher.
Credit Cyku Hong from DEVCORE (https://devco.re)