CVE-2020-12042

EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73
Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access.

Risk Information

  • CVE ID
  • CVE-2020-12042
  • Vendor
  • Opto22
  • Product
  • SoftPAC
  • CVSS v3
  • 6.5