Login Sign Up

CVE-2020-22159

8.8 HIGH
Path Traversal

📋 TL;DR

This vulnerability allows authenticated attackers to upload arbitrary files to EVERTZ devices, potentially enabling webshell deployment or critical system file overwrites. It affects specific EVERTZ hardware models running vulnerable firmware versions. Organizations using these devices for multicast video transport are at risk.

💻 Affected Systems

Products:
  • EVERTZ 3080IPX
  • EVERTZ 7801FC
  • EVERTZ 7890IXG
Versions: 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, 7890IXG V494
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access but default credentials may be in use. Affects specific firmware builds on these hardware models.

📦 What is this software?

3080ipx Firmware by Evertz

View all CVEs affecting 3080ipx Firmware →

7801fc Firmware by Evertz

View all CVEs affecting 7801fc Firmware →

7890ixg Firmware by Evertz

View all CVEs affecting 7890ixg Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise leading to persistent remote access, data exfiltration, or device bricking through critical file overwrites.

🟠

Likely Case

Unauthorized file upload leading to webshell installation for command execution and lateral movement within the network.

🟢

If Mitigated

Limited impact with proper network segmentation and authentication controls preventing unauthorized access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication but is straightforward once access is obtained. Public blog posts demonstrate the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not publicly available

Restart Required: No

Instructions:

Contact EVERTZ support for firmware updates. No public patch information available at this time.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate EVERTZ devices from untrusted networks and restrict access to management interfaces.

Authentication Hardening

all

Change default credentials and implement strong authentication policies.

🧯 If You Can't Patch

  • Implement strict network access controls allowing only trusted IPs to connect to management interfaces
  • Monitor file upload activities and implement file integrity monitoring on critical system files

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against affected versions. Test authenticated file upload functionality for path traversal.

Check Version:

Check via device web interface or CLI (device-specific commands vary)

Verify Fix Applied:

Verify firmware has been updated to a version not listed in affected versions. Test file upload functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload activities
  • Authentication attempts from unexpected sources
  • File modification timestamps on critical system files

Network Indicators:

  • HTTP POST requests to file upload endpoints
  • Unexpected outbound connections from devices

SIEM Query:

source="evertz_device" AND (event="file_upload" OR event="file_modification")

📊 Metadata

CVE ID: CVE-2020-22159
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-434
Published: July 18, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-22159, you might also want to check these:

CVE-2024-52490 10.0

This vulnerability allows attackers to upload arbitrary files, including web shells, to Pathomation ...

Same vulnerability type (CWE-434)
CVE-2024-43160 10.0

CVE-2024-43160 is an unauthenticated arbitrary file upload vulnerability in the BerqWP WordPress plu...

Same vulnerability type (CWE-434)
CVE-2024-8940 10.0

CVE-2024-8940 is a critical unrestricted file upload vulnerability in Scriptcase version 9.4.019 tha...

Same vulnerability type (CWE-434)