cbcvebase.
CVE-2020-19360
published 2021-01-20

CVE-2020-19360: Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive…

PriorityP260high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
20.22%
97.1th percentile
Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure.

Affected

2 ranges
VendorProductVersion rangeFixed in
fasterxmljackson-databind>= 0 < 2.4.2-3ubuntu0.1~esm22.4.2-3ubuntu0.1~esm2
fhemfhem

Detection & IOCsextracted from sources · hover to see the quote

url/fhem/FileLog_logWrapper?dev=Logfile&file=%2fetc%2fpasswd&type=text
path/fhem/FileLog_logWrapper
  • Send a GET request to /fhem/FileLog_logWrapper with parameters dev=Logfile, file=%2fetc%2fpasswd, and type=text; a successful LFI response will return HTTP 200 and contain the regex pattern 'root:[x*]:0:0' in the body.
  • The exploitable parameter is 'file' in the FileLog_logWrapper endpoint; path traversal via URL-encoded slashes (%2f) is used to reach /etc/passwd.
  • ·The Nuclei template targets FHEM version 6.0 specifically; other versions may or may not be vulnerable.
  • ·The vulnerability is unauthenticated (PR:N, UI:N), meaning no credentials are required to exploit the LFI endpoint.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.