CVE-2020-12509 An attacker could get files on an older version of CanMoni's tools by path traversal.

CVE-2020-12509 An attacker could get files on an older version of CanMoni's tools by path traversal.

In version 4.2 and later, this issue was fixed by requiring a valid access token for the user to access the file.

In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module. In version 4.2 and later, this issue was fixed by requiring a valid access token for the user to access the file. An unauthenticated attacker could inject malicious JavaScript code into the website that will be executed in the browser of the user visiting the website.

In s::can moni::tools in versions below 4.2 an unauthenticated attacker could inject malicious JavaScript code into the website that will be executed in the browser of the user visiting the website. In s::can moni::tools in versions below 4.2 an unauthenticated attacker could inject malicious CSS code into the website that will be executed in the browser of the user visiting the website.

In s::can moni::tools in versions below 4.2 an unauthenticated attacker could inject malicious CSS code into the website that will be executed in the browser of the user visiting the website. In some cases, the camera-cloud module allowed unauthenticated users to upload files to the cloud.

In some cases, the camera-cloud module allowed unauthenticated users to upload files to the cloud. In some cases, the camera-cloud module allowed un

s::can moni::tools has been patched

s::can moni::tools has been patched.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe