Raonwiz · Raonwiz File Transfer Solution · CVE-2020-7863
Name of the Vulnerable Software and Affected Versions:
Raonwiz File Transfer Solution (affected versions not specified)
Description:
A vulnerability in the File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This issue is due to insufficient validation of the parameter of a specific method. An attacker could exploit this by setting the parameter to the command they want to execute, potentially allowing the execution of arbitrary commands on a target system as the user. The exploit requires the victim to run the Internet Explorer browser with administrator privileges due to cross-domain policy restrictions.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.