CVE-2020-8809

Published: Feb 25, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attacker can modify the contents of downloaded files. In the case of add-ins (if the user is using those), this will lead to code execution. In case of OBIS codes (which the user is always using as they are needed to communicate with the energy meters), this can lead to code execution when combined with CVE-2020-8810.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://seqred.pl/en/cve-gurux-gxdlms-director/

x_refsource_MISC

https://github.com/seqred-s-a/gxdlmsdirector-cve

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-8809

Description

Affected Products

References