CVE-2020-17383

moderate-risk

Published 2022-01-24

A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote configuration of the device through the WebUI.

Do I need to act?

6.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Z\/Ip One Firmware

Affected Vendors

Telosalliance

References (6)

Broken Link https://sra.io/blog-post/

Exploit https://sra.io/blog/this-traversal-had-a-face-for-radio-cve-2020-17383/

Vendor Advisory https://www.telosalliance.com/downloads?search=software-updates#downloadListing

Broken Link https://sra.io/blog-post/

Exploit https://sra.io/blog/this-traversal-had-a-face-for-radio-cve-2020-17383/

Vendor Advisory https://www.telosalliance.com/downloads?search=software-updates#downloadListing

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 9/34 · Low

Exposure 5/34 · Minimal