CVE-2020-14030

HIGH

Ozeki NG Sms Gateway < 4.17.6 - Insecure Deserialization

Title source: rule

Description

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution.

References (2)

Scores

CVSS v3 7.2
EPSS 0.0300
EPSS Percentile 86.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (1)

ozeki/ozeki_ng_sms_gateway < 4.17.6

Timeline

Published Sep 30, 2020
Tracked Since Feb 18, 2026