PT-2020-12254 · Fazecast · Jserialcomm

Rwincey

Published

2020-05-06

Updated

2022-01-31

CVE-2020-10626

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Fazecast jSerialComm versions 2.2.2 and prior

Description An uncontrolled search path element issue could allow a malicious DLL file with the same name as any resident DLLs inside the software installation to execute arbitrary code.

Recommendations For Fazecast jSerialComm versions 2.2.2 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2020-10626

ZDI-20-588

Affected Products

Jserialcomm

PT-2020-12254 · Fazecast · Jserialcomm

CVE-2020-10626

Weakness Enumeration

Related Identifiers

Affected Products

References · 5