CVE-2020-7863

Name of the Vulnerable Software and Affected Versions: Raonwiz File Transfer Solution (affected versions not specified)

Description: A vulnerability in the File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This issue is due to insufficient validation of the parameter of a specific method. An attacker could exploit this by setting the parameter to the command they want to execute, potentially allowing the execution of arbitrary commands on a target system as the user. The exploit requires the victim to run the Internet Explorer browser with administrator privileges due to cross-domain policy restrictions.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.