Description
Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
http://support.tobesoft.co.kr/Support/index.html
Third Party Advisory x_refsource_confirm
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35491
Scores
CVSS v3
7.8
EPSS
0.0161
EPSS Percentile
73.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (2)
nexaweb/nexacro_14
< 2019.9.6
nexaweb/nexacro_17
< 2019.9.6
Published
Jul 02, 2020
Tracked Since
Feb 18, 2026