CVE-2020-7808

HIGH

RAONWIZ K Upload <v2018.0.2.51 - Code Injection

Title source: llm

Description

In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it.

References (1)

[Third Party Advisory] https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35424

Scores

CVSS v3 8.7

EPSS 0.0024

EPSS Percentile 46.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H

Classification

CWE

CWE-353 CWE-88

Status published

Affected Products (1)

raonwiz/raon_k_upload < 2018.0.2.51

Timeline

Published May 21, 2020

Tracked Since Feb 18, 2026