VYPR

GXDLMS Director

by Gurux

CVEs (2)

  • CVE-2020-8810HigFeb 25, 2020
    risk 0.53cvss 8.1epss 0.02

    An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. When downloading OBIS codes, it does not verify that the downloaded files are actual OBIS codes and doesn't check for path traversal. This allows the attacker exploiting CVE-2020-8809 to send executable…

  • CVE-2020-8809HigFeb 25, 2020
    risk 0.53cvss 8.1epss 0.01

    Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and…