CVE-2020-8810

HIGH

Gurux GXDLMS Director <8.5.1905.1301 - Path Traversal

Description

An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. When downloading OBIS codes, it does not verify that the downloaded files are actual OBIS codes and doesn't check for path traversal. This allows the attacker exploiting CVE-2020-8809 to send executable files and place them in an autorun directory, or to place DLLs inside the existing GXDLMS Director installation (run on next execution of GXDLMS Director). This can be used to achieve code execution even if the user doesn't have any add-ins installed.

References (2)

Core References
Third Party Advisory x_refsource_misc
https://seqred.pl/en/cve-gurux-gxdlms-director/

Scores

CVSS v3 8.1
EPSS 0.0211
EPSS Percentile 79.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
gurux/device_language_message_specification_director < 8.5.1905.1301
Published Feb 25, 2020
Tracked Since Feb 18, 2026