Description
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-3845-be6bf-1.html
Scores
CVSS v3
7.2
EPSS
0.0193
EPSS Percentile
77.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
cellopoint/cellos
4.1.10 build20190922
Published
Aug 25, 2020
Tracked Since
Feb 18, 2026