PT-2021-14119 · Unknown · Solarview Compact Sv-Cpt-Mc310

Katsunari Yoshioka

Published

2021-02-24

Updated

2021-03-01

CVE-2021-20659

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SolarView Compact SV-CPT-MC310 versions prior to Ver.6.5

Description: The issue allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the uploaded file is a PHP script, the attacker may be able to execute arbitrary code.

Recommendations: For SolarView Compact SV-CPT-MC310 versions prior to Ver.6.5, update to Ver.6.5 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to prevent the execution of arbitrary code.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2021-20659

Affected Products

Solarview Compact Sv-Cpt-Mc310

PT-2021-14119 · Unknown · Solarview Compact Sv-Cpt-Mc310

CVE-2021-20659

Weakness Enumeration

Related Identifiers

Affected Products

References · 6