PT-2020-17187 · Urve · Urve

Published: 2020-12-23 · Updated: 2022-04-26

CVE-2020-29551

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

URVE Build 24.03.2020

Description

An issue was discovered in URVE, allowing access to various files and scripts, including internal/pc/shutdown.php, which can be used to shut down the system. Other accessible files and scripts include internal/pc/abort.php, internal/pc/restart.php, internal/pc/vpro.php, internal/pc/wake.php, internal/error u201409.txt, internal/runcmd.php, internal/getConfiguration.php, ews/autoload.php, ews/del.php, ews/mod.php, ews/sync.php, utils/backup/backup server.php, utils/backup/restore server.php, MyScreens/timeline.config, kreator.html5/test.php, and addedlogs.txt.

Recommendations

As a temporary workaround, consider restricting access to the internal/pc/shutdown.php path and other accessible files and scripts until a patch is available. Restrict access to the internal directory to minimize the risk of exploitation. Avoid using the URVE Build 24.03.2020 until a fixed version is released. At the moment, there is no information about a newer version that contains a fix for this issue.

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-29551

Affected Products

Urve