CVE-2020-7858

Summary

There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is localhost and an attacker can traverse directories using "dot dot" sequences(../../) to view host file on the system. This vulnerability can cause information leakage.

Affected Software

VendorProductVersion RangeStatus
cdnetworksAquaNPlayer2.0.0.92 <= 2.0.0.92affected

Weaknesses

  • CWE-548: CWE-548 Information Exposure Through Directory Listing

ADP Enrichment

CVE Program Container

Additional References

References