| TVN ID | TVN-202006004 |
|---|---|
| CVE ID | CVE-2020-17386 |
| CVSS | 6.5 (Medium) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Affected Products | CelloOS v4.1.10 Build 20190922 |
| Description | Cellopoint CelloOS v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of an authenticated user, attackers can tamper with the URL parameter and access arbitrary files on the system. |
| Solution | Update to v4.1.12 Build 20200701 or higher. |
| Credit | Cyku Hong from DEVCORE (https://devco.re) |
| Public Date | 2020-08-27 |
