PT-2020-14390 · Thingssdk · Thingssdk Wifi Scanner

Abhishekherle · Published 2020-06-29 · Updated 2021-07-21 · CVE-2020-15362

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: thingsSDK WiFi Scanner version 1.0.1

Description: The issue allows code injection because the wifiscanner.js component can be used with options to overwrite the default executable/binary path and its arguments, enabling an attacker to execute arbitrary code.

Recommendations: For version 1.0.1, consider restricting the use of the wifiscanner.js component until a patch is available to prevent arbitrary code execution.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-15362
GHSA-M6RW-M2V9-7HX4

Affected Products

Thingssdk Wifi Scanner