CVE-2021-20659Unrestricted File Upload in Sv-cpt-mc310 Firmware

CWE-434Unrestricted File Upload3 documents3 sources
Severity
8.8HIGHNVD
EPSS
1.6%
top 18.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Contec Sv-cpt-mc310 FirmwareContec CO LTD Solarview Compact
Timeline
PublishedFeb 24
Latest updateMay 24

Description

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5contec_co_ltd/solarview_compactSV-CPT-MC310 prior to Ver.6.5

🔴Vulnerability Details

2
GHSA
GHSA-gx3m-2wcq-p82x: SolarView Compact SV-CPT-MC310 prior to Ver2022-05-24
CVEList
CVE-2021-20659: SolarView Compact SV-CPT-MC310 prior to Ver2021-02-24
CVE-2021-20659 — Unrestricted File Upload | cvebase