What is CVE-2020-12447?

CVE-2020-12447 is a vulnerability in N/a. Published 2020-04-29.

Is CVE-2020-12447 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-12447

A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow.

EPSS: 0.798 (99.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/kenzer-templates

References

blog.spookysec.net/onkyo-lfi/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-12447?: CVE-2020-12447 is a vulnerability in N/a. Published 2020-04-29.
Is CVE-2020-12447 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.