CVE-2020-7869
CRITICALZOOK - Unauthenticated Arbitrary File Creation via Tight File CMD
Title source: llmDescription
An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tight file CMD" without authority.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36090
Scores
CVSS v3
9.0
EPSS
0.0161
EPSS Percentile
72.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
mastersoft/zook
2.0.4.6
Published
Jun 29, 2021
Tracked Since
Feb 18, 2026