CVE-2020-19360

HIGH NUCLEI

FHEM 6.0 - Local File Inclusion via FileLog_logWrapper File Parameter

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-19360. PoCs published by zzzz966, a1665454764. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC exploits CVE-2020-19360, an arbitrary file read vulnerability in Fhem via the FileLog_logWrapper endpoint. It sends a crafted HTTP request to read /etc/passwd and checks for a 200 response to confirm vulnerability.

Description

A local file inclusion vulnerability in FHEM 6.0, in the file parameter of fhem/FileLog_logWrapper, allows an attacker to include a file, which can lead to sensitive information disclosure.

Exploits (2)

nomisec WORKING POC
by zzzz966 · poc
https://github.com/zzzz966/CVE-2020-19360

This PoC exploits CVE-2020-19360, an arbitrary file read vulnerability in Fhem via the FileLog_logWrapper endpoint. It sends a crafted HTTP request to read /etc/passwd and checks for a 200 response to confirm vulnerability.

Classification: Working Poc 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Fhem (version not specified)
No auth needed
Prerequisites: Network access to the Fhem web interface
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by a1665454764 · poc
https://github.com/a1665454764/CVE-2020-19360

This PoC exploits CVE-2020-19360, an arbitrary file read vulnerability in FHEM 6.0 via the FileLog_logWrapper endpoint. It sends a crafted request to read /etc/passwd and checks for the presence of 'root' in the response to confirm vulnerability.

Classification: Working Poc 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: FHEM 6.0
No auth needed
Prerequisites: Network access to the FHEM instance · FileLog_logWrapper endpoint exposed
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

FHEM 6.0 - Local File Inclusion
HIGH · by 0x_Akoko

Scores

CVSS v3: 7.5
EPSS: 0.2022
EPSS Percentile: 97.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-22
Status: published
Products (1): fhem/fhem 6.0
Published: Jan 20, 2021
Tracked Since: Feb 18, 2026