CVE-2020-17485
published 2023-12-16CVE-2020-17485: A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse…
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.84%
76.3th percentile
A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unrestricted file upload attempts to the Uffizio GPS Tracker web server, particularly uploads of web shells or reverse shells, which could indicate exploitation of CVE-2020-17485. ↗
- →Monitor HTTP requests to port 9000 on Uffizio GPS Tracker hosts for unauthorized access; JSON responses from this port may indicate information disclosure (CVE-2020-17483) and could be a precursor to CVE-2020-17485 exploitation. ↗
- ·No vendor-supplied mitigations or workarounds are available; Uffizio has not patched any version of the GPS Tracker software as of the advisory date. ↗
- ·All versions of the GPS Tracker software are affected; there is no safe version to upgrade to. ↗
- ·No known public exploits specifically targeting CVE-2020-17485 were identified at the time of the advisory. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Uffizio GPS Tracker
cisa_ics·2021-10-18·CVSS 7.5
[HIGH] Uffizio GPS Tracker
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Uffizio GPS Tracker
Last RevisedOctober 18, 2021
Alert CodeICSA-21-287-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Uffizio
- Equipment: GPS Tracker
- Vulnerabilities: Improper Access Control, Unrestricted Upload of File with Dangerous Type, Open Redirect, Cross-site Scripting, Cross-site Request Forgery
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker with access to the host to view sensitive information, gain code execution, cause a redirection to an arbitrary exte
GHSA
GHSA-vxm8-rc98-qx4f: A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions
ghsa_unreviewed·2023-12-16
CVE-2020-17485 [CRITICAL] GHSA-vxm8-rc98-qx4f: A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions
A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-12-16
Published