How severe is CVE-2020-8809?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2020-8809?

This is classified as CWE-494, which is a common weakness in software security.

CVE-2020-8809

HIGH Year: 2020

CVSS v3 Score

8.1

High

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-494

View all →

Vulnerability Description

Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attacker can modify the contents of downloaded files. In the case of add-ins (if the user is using those), this will lead to code execution. In case of OBIS codes (which the user is always using as they are needed to communicate with the energy meters), this can lead to code execution when combined with CVE-2020-8810.

CVE-2008-3324

HIGH

CVSS:8.1(High)

The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse upd...

CWE-4942008

CVE-2008-3438

HIGH

CVSS:8.1(High)

Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS ...

CWE-4942008

CVE-2016-6564

HIGH

CVSS:8.1(High)

Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binar...

CWE-4942016

CVE-2018-13012

HIGH

CVSS:8.1(High)

Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before...

CWE-4942018

CVE-2019-10240

HIGH

CVSS:8.1(High)

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by...

CWE-4942019

CVE-2019-10248

HIGH

CVSS:8.1(High)

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM...

CWE-4942019

CVE-2020-8809

Vulnerability Description

Related Vulnerabilities

CVE-2008-3324

CVE-2008-3438

CVE-2016-6564

CVE-2018-13012

CVE-2019-10240

CVE-2019-10248