CVE-2020-25010

Name of the Vulnerable Software and Affected Versions Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version: R0002.P05

Description The issue allows remote attackers to execute arbitrary code by uploading a malicious script file. This is achieved by constructing a POST type request and including a payload in the request parameters as an instruction to write a file.

Recommendations For Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version: R0002.P05, consider restricting access to the device to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable request parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.