CVE-2020-23591

Published: Nov 23, 2022Modified: Apr 29, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through " /mgm_dev_upgrade.asp " which can "delete every file for Denial of Service (using 'rm -rf *.*' in the code), reverse connection (using '.asp' webshell), backdoor.

Affected (1)

Products: Optilinknetwork: Op Xt71000n Firmware

Optilinknetwork

1 product

Op Xt71000n Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Optilinknetwork Op Xt71000n Firmware	Version 3.3.1-191028

Running on/with	Platform Versions
Optilinknetwork Op Xt71000n	Version 2.2

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://github.com/huzaifahussain98/CVE-2020-23591

Source: cve@mitre.org

Third Party Advisory

https://github.com/huzaifahussain98/CVE-2020-23591

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.