PT-2022-8603 · Unknown+2 · Platinum Upnp Sdk+2
Pokerfacett
·
Published
2019-07-22
·
Updated
2025-02-13
·
CVE-2020-19858
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Platinum Upnp SDK versions prior to 1.2.1
Description
The issue allows for a directory traversal attack, which could be exploited by sending a malicious URL, such as "http://ip:port/../privacy.avi", to compromise a victim's privacy. This could potentially allow an attacker to access sensitive information.
Recommendations
For Platinum Upnp SDK versions prior to 1.2.1, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using URLs that contain ../ to prevent directory traversal attacks.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Platinum Upnp Sdk
Ubuntu