CVE-2020-7825

Summary

A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote command by sending parameters to WinExec function in ExtCommandApi.dll module of MiPlatform.

Affected Software

VendorProductVersion RangeStatus
TOBESOFTMiPlatform 320, 320U, 330, 330U2019.05.16 and earlier versionsaffected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

ADP Enrichment

CVE Program Container

Additional References

References