CVE-2020-8810

Published: 25/02/2020 Updated: 04/03/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in Gurux GXDLMS Director up to and including 8.5.1905.1301. When downloading OBIS codes, it does not verify that the downloaded files are actual OBIS codes and doesn't check for path traversal. This allows the attacker exploiting CVE-2020-8809 to send executable files and place them in an autorun directory, or to place DLLs inside the existing GXDLMS Director installation (run on next execution of GXDLMS Director). This can be used to achieve code execution even if the user doesn't have any add-ins installed.

Vulnerable Product

gurux device language message specification director

Github Repositories

CVE-2020-8809 and CVE-2020-8810

Multiple vulnerabilities in Gurux GXDLMS Director – remote code execution

Gurux GXDLMS Director is an open-source Windows program for interacting with energy meters through the use of the DLMS/COSEM protocol. The software has a remote update functionality for add-in DLLs as well as for files containing OBIS codes (device-specific definitions needed to interact with the smart