CVE-2020-7880
HIGHNeoRS ActiveX - Remote File Download and Execution via StartNeoRS
Title source: manualDescription
The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36367
Scores
CVSS v3
7.5
EPSS
0.0161
EPSS Percentile
72.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
douzone/neors
< rs10
Published
Nov 30, 2021
Tracked Since
Feb 18, 2026