CVE-2020-15809
MEDIUM
SpinetiX DSOS HMP350 HMP300 DiVA HMP400 HMP400W < 4.5.2 - Server-Side Request Forgery and Path Traversal
Title source: llm
Description
spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd.
References (2)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://support.spinetix.com/wiki/SpinetiX-SA-20:01
Release Notes, Vendor Advisory x_refsource_misc
https://support.spinetix.com/wiki/DSOS_release_notes
Scores
CVSS v3
6.5
EPSS
0.0094
EPSS Percentile
56.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
CWE-918
Status
published
Products (6)
spinetix/diva_firmware
< 4.5.2-1.0.36229
spinetix/dsos
< 4.5.2-1.0.2-1eb2ffbd
spinetix/hmp300_firmware
< 4.5.2-1.0.36229
spinetix/hmp350_firmware
< 4.5.2-1.0.36229
spinetix/hmp400_firmware
< 4.5.2-1.0.2-1eb2ffbd
spinetix/hmp400w_firmware
< 4.5.2-1.0.2-1eb2ffbd
Published
Mar 24, 2021
Tracked Since
Feb 18, 2026