Global RADAR BSA Radar 1.6.7234.24750及之前版本中的Surveillance模块的管理员部分的downloadFile.ashx存在安全漏洞。攻击者可利用该漏洞查看本地敏感文件或配置文件。
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14946%20-%20Local%20File%20Inclusion.md
来源:MISC
链接:https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities
来源:MISC
链接:https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14946%20-%20Local%20File%20Inclusion.md
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2020-14946
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/158420/BSA-Radar-1.6.7234.24750-Local-File-Inclusion.html
来源:www.exploit-db.com
链接:https://www.exploit-db.com/exploits/48666
