Arbitrary Remote Command Execution Vulnerability in MiPlatform 2019.05.16 and Earlier

Arbitrary Remote Command Execution Vulnerability in MiPlatform 2019.05.16 and Earlier

CVE-2020-7825 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote command by sending parameters to WinExec function in ExtCommandApi.dll module of MiPlatform.

Learn more about our Api Penetration Testing.